cleantalk
Vulnerabilities and Security Researches

Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management, CVE-2023-0099

CVE, Research URL

CVE-2023-0099

Home page URL

Security reports for Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management

Application

Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management

Published on
Feb 13, 2023
Research Description
The Simple URLs WordPress plugin before 115 does not sanitise and escape some parameters before outputting them back in some pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
Affected versions
Min -, max 115.
Status
vulnerable
Previous vulnerability researches
Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management (CVE-2023-40678) , Jun 10, 2024
Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management (CVE-2023-40674) , Jun 06, 2024
Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management (CVE-2023-45606) , Jun 06, 2024
Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management (CVE-2023-0098) , Jun 06, 2024
Simple URLs – Link Cloaking, Product Displays, and Affiliate Link Management (CVE-2023-0099) , Jun 06, 2024
New vulnerability
Min Max Default Quantity for WooCommerce (CVE-2025-47504) , Jun 09, 2025
The Plus Addons for Elementor (CVE-2025-49076) , Jun 06, 2025
WP Pipes (CVE-2025-48267) , Jun 06, 2025
Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, (CVE-2025-5292) , Jun 06, 2025
Newsletters (CVE-2025-4857) , Jun 06, 2025