PT-2025-51090 · WordPress · Url Shortener Plugin For Wordpress
Ifoundbug
·
Published
2025-12-13
·
Updated
2025-12-18
·
CVE-2025-10738
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
URL Shortener Plugin For WordPress versions through 3.0.7
Description
The URL Shortener Plugin For WordPress is susceptible to SQL Injection due to inadequate input validation and query preparation. Specifically, the
analytic id parameter is not properly sanitized, allowing attackers to inject malicious SQL code. This enables unauthenticated attackers to extract sensitive information from the database by appending additional SQL queries to existing ones.Recommendations
Update URL Shortener Plugin For WordPress to a version newer than 3.0.7.
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Url Shortener Plugin For Wordpress