cleantalk
Vulnerabilities and Security Researches

URL Shortify – Simple, Powerful and Easy URL Shortener Plugin For WordPress, CVE-2025-13355

CVE, Research URL

CVE-2025-13355

Home page URL

Security reports for URL Shortify – Simple, Powerful and Easy URL Shortener Plugin For WordPress

Application

URL Shortify – Simple, Powerful and Easy URL Shortener Plugin For WordPress

Published on
Dec 15, 2025
Research Description
The URL Shortify WordPress plugin before 1.11.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
Affected versions
max 1.11.4.
Status
vulnerable
Previous vulnerability researches
WC Fields Factory (CVE-2023-0277) , Jun 07, 2024
WC Fields Factory (6cc027737736ffa5a4ad7d18f7aacab3368b4dae) , Jun 07, 2024
New vulnerability
Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content (CVE-2025-68508) , Jan 10, 2026
CC Child Pages (CVE-2025-13608) , Jan 10, 2026
Tainacan (CVE-2025-14043) , Jan 10, 2026
Restrict Elementor Widgets, Columns & Sections (CVE-2025-64244) , Jan 10, 2026
Terms descriptions (CVE-2025-62139) , Jan 10, 2026