CVE-2026-0813

CVSS v3.1

4.4

Vector

AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

The Short Link plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'short link post title' and 'short link page title' parameters in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the injected page.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2026-0813

Affected Products

Short Link

CVE-2026-0813

Weakness Enumeration

Related Identifiers

Affected Products

References · 4