PT-2025-43586 · WordPress · Url Shortener Plugin For Wordpress
Ifoundbug
·
Publicado
2025-10-24
·
Atualizado
2025-10-24
·
CVE-2025-10740
CVSS v3.1
6.3
Média
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
URL Shortener Plugin For WordPress versions through 3.0.7
Description
The URL Shortener Plugin For WordPress plugin is susceptible to unauthorized access to API functionality. A missing capability check within the
verifyRequest function allows authenticated attackers with Subscriber-level access or higher to modify links. The API endpoint is vulnerable due to this missing check. The vulnerable parameter is not specified.Recommendations
Update the URL Shortener Plugin For WordPress to a version later than 3.0.7.
Correção
SQL injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Url Shortener Plugin For Wordpress