cleantalk
Vulnerabilities and Security Researches

URL Shortify – Simple, Powerful and Easy URL Shortener Plugin For WordPress, CVE-2025-12684

CVE, Research URL

CVE-2025-12684

Home page URL

Security reports for URL Shortify – Simple, Powerful and Easy URL Shortener Plugin For WordPress

Application

URL Shortify – Simple, Powerful and Easy URL Shortener Plugin For WordPress

Published on
Dec 15, 2025
Research Description
The URL Shortify WordPress plugin before 1.11.3 does not sanitize and escape a parameter before outputting it back in the page, leading to a reflected cross site scripting, which could be used against high-privilege users such as admins.
Affected versions
max 1.11.3.
Status
vulnerable
Previous vulnerability researches
WC Fields Factory (CVE-2023-0277) , Jun 07, 2024
WC Fields Factory (6cc027737736ffa5a4ad7d18f7aacab3368b4dae) , Jun 07, 2024
New vulnerability
JetFormBuilder — Dynamic Blocks Form Builder (CVE-2025-11991) , Jan 10, 2026
Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content (CVE-2025-68508) , Jan 10, 2026
CC Child Pages (CVE-2025-13608) , Jan 10, 2026
Tainacan (CVE-2025-14043) , Jan 10, 2026
Restrict Elementor Widgets, Columns & Sections (CVE-2025-64244) , Jan 10, 2026