CVE-2025-13355

CVSS v3.1

7.1

High

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions URL Shortify WordPress plugin versions prior to 1.11.4

Description The plugin does not properly sanitize and escape a parameter before displaying it on the page, resulting in a Reflected Cross-Site Scripting issue. This could potentially be used to target users with high privileges, such as administrators.

Recommendations Update to version 1.11.4 or later.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2025-13355

Affected Products

Url Shortify

CVE-2025-13355

Related Identifiers

Affected Products

References · 6