PT-2026-20273 · WordPress · Url Shortify
Poystick
+1
·
Published
2026-02-18
·
Updated
2026-04-06
·
CVE-2026-1277
CVSS v3.1
4.7
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
URL Shortify plugin for WordPress versions prior to 1.12.2
Description
The URL Shortify plugin for WordPress is susceptible to an Open Redirect issue in all versions up to and including 1.12.1. This is due to inadequate validation of the
redirect to parameter within the promotional dismissal handler. An unauthenticated attacker can exploit this to redirect users to potentially malicious websites using a specially crafted link. The vulnerable parameter is redirect to.Recommendations
Update the URL Shortify plugin to version 1.12.2 or later.
Fix
Open Redirect
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Url Shortify