{"id":6849,"date":"2025-06-14T04:01:38","date_gmt":"2025-06-14T04:01:38","guid":{"rendered":"http:\/\/localhost\/?p=6849"},"modified":"2025-06-14T04:01:38","modified_gmt":"2025-06-14T04:01:38","slug":"wp-url-shortener-12-cross-site-request-forgery-to-stored-cross-site-scripting","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=6849","title":{"rendered":"WP URL Shortener <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting"},"content":{"rendered":"
\n

CVE Details<\/h2>\n
\n
\n

Basic Information<\/h3>\n\n\n\n\n\n
Title<\/th>\nWP URL Shortener <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting<\/td>\n<\/tr>\n
Type<\/th>\ncve<\/td>\n<\/tr>\n
Published<\/th>\n2025-06-14T08:23:22.208Z<\/td>\n<\/tr>\n
Last Seen<\/th>\n<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Product Information<\/h3>\n\n\n\n\n
Vendor<\/th>\ndjerba<\/td>\n<\/tr>\n
Product<\/th>\nWP URL Shortener<\/td>\n<\/tr>\n
Version<\/th>\n*<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
\n

CVSS Information<\/h3>\n\n\n\n\n\n\n
Base Score<\/th>\n6.1 (MEDIUM)<\/td>\n<\/tr>\n
Attack Vector<\/th>\nCVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N<\/td>\n<\/tr>\n
Confidentiality Impact<\/th>\n<\/td>\n<\/tr>\n
Integrity Impact<\/th>\n<\/td>\n<\/tr>\n
Availability Impact<\/th>\n<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

AI Analysis<\/h3>\n\n\n\n\n\n\n
AI Description<\/th>\nThe WP URL Shortener plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to and including 1.2. This vulnerability allows unauthenticated attackers to update plugin settings and inject malicious scripts by tricking an administrator into clicking a malicious link. The issue arises from missing or incorrect nonce validation on the ‘url_shortener_settings’ page.<\/td>\n<\/tr>\n
AI Severity<\/th>\nMedium<\/td>\n<\/tr>\n
Vendor<\/th>\nWordPress Community<\/td>\n<\/tr>\n
Product<\/th>\nWP URL Shortener<\/td>\n<\/tr>\n
Affected Version<\/th>\n<= 1.2<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Affected Products<\/h4>\n