cleantalk
Vulnerabilities and Security Researches

URL Shortify – Simple, Powerful and Easy URL Shortener Plugin For WordPress, CVE-2023-4294

CVE, Research URL

CVE-2023-4294

Home page URL

Security reports for URL Shortify – Simple, Powerful and Easy URL Shortener Plugin For WordPress

Application

URL Shortify – Simple, Powerful and Easy URL Shortener Plugin For WordPress

Published on
Sep 12, 2023
Research Description
The URL Shortify WordPress plugin before 1.7.6 does not properly escape the value of the referer header, thus allowing an unauthenticated attacker to inject malicious javascript that will trigger in the plugins admin panel with statistics of the created short link.
Affected versions
Min -, max 1.7.6.
Status
vulnerable
Previous vulnerability researches
URL Shortify – Simple, Powerful and Easy URL Shortener Plugin For WordPress (CVE-2025-32134) , Apr 06, 2025
URL Shortify – Simple, Powerful and Easy URL Shortener Plugin For WordPress (CVE-2023-5605) , Jun 07, 2024
URL Shortify – Simple, Powerful and Easy URL Shortener Plugin For WordPress (CVE-2021-24749) , Jun 07, 2024
URL Shortify – Simple, Powerful and Easy URL Shortener Plugin For WordPress (CVE-2023-3129) , Jun 07, 2024
URL Shortify – Simple, Powerful and Easy URL Shortener Plugin For WordPress (CVE-2023-4294) , Jun 07, 2024
New vulnerability
Easy Contact (CVE-2025-30970) , Apr 08, 2025
DyaPress ERP/CRM (CVE-2025-30582) , Apr 08, 2025
Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links (CVE-2025-1264) , Apr 07, 2025
Advanced All in One Admin Search by WP Spotlight (CVE-2025-32261) , Apr 06, 2025
Free Booking Plugin for Hotels, Restaurant and Car Rental – eaSYNC (CVE-2025-32219) , Apr 06, 2025