cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score CVE-2023-1604,https://securityvulnerability.io/vulnerability/CVE-2023-1604,Cross-Site Request Forgery Vulnerability in Short URL Plugin for WordPress,"The Short URL plugin for WordPress possesses a vulnerability linked to inadequate nonce validation within the configuration_page function. This flaw allows unauthorized attackers to perform Cross-Site Request Forgery (CSRF) attacks. An attacker can exploit this weakness by luring a site administrator into clicking a manipulated link. Once successful, the attacker gains the ability to add or import redirects, including comments that may contain harmful cross-site scripting code, further compromising the security of the affected WordPress site.",Wordpress,Short Url,4.7,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-08-17T07:34:24.648Z,0 CVE-2023-3130,https://securityvulnerability.io/vulnerability/CVE-2023-3130,Short URL < 1.6.5 - Admin+ Cross Site Scripting,"The Short URL WordPress plugin before 1.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).",Wordpress,Short Url,4.8,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2023-07-31T10:15:00.000Z,0 CVE-2023-1602,https://securityvulnerability.io/vulnerability/CVE-2023-1602,Stored Cross-Site Scripting in Short URL Plugin for WordPress,"The Short URL plugin for WordPress is susceptible to stored Cross-Site Scripting due to inadequate input sanitization and output escaping in versions prior to 1.6.4. This vulnerability allows authenticated attackers with administrator rights to inject malicious scripts into pages. When other users access these compromised pages, the injected scripts execute, potentially leading to unauthorized actions or data leaks.",Wordpress,Short Url,4.4,MEDIUM,0.0007800000021234155,false,,false,false,false,,,false,false,,2023-06-29T02:15:00.000Z,0