The Short URL WordPress plugin through 1.6.8 does not properly sanitise and escape a parameter before using it in SQL statement, leading to a SQL injection exploitable by users with relatively low privilege on the site, like subscribers.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Unknown

Short URL

Affected Versions:

References

https://wpscan.com/vulnerability/0f85db4f-8493-4941-8f3c-e5258c581bdc/

Published: 2025-06-06T06:00:05.014Z

Last Modified: 2025-06-06T06:00:05.014Z

Copied to clipboard!