URL Shortify WordPress Plugin Reflected Cross-Site Scripting Vulnerability
Vulnerability
A reflected cross-site scripting vulnerability has been identified in the URL Shortify WordPress plugin, affecting versions prior to 1.11.3. The issue arises because the plugin fails to properly sanitize and escape a parameter before displaying it on the page. This vulnerability could be exploited against high-privilege users, such as administrators.
Impact
Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.
Reproduction
To reproduce this vulnerability, a logged-in admin user must be made to open a specially crafted link. This link should include a parameter that takes advantage of the plugin's lack of input sanitization, such as one that triggers a JavaScript alert.
Remediation
Users are advised to update the URL Shortify WordPress plugin to version 1.11.3 or later.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.