The URL Shortify WordPress plugin before 1.7.6 does not properly escape the value of the referer header, thus allowing an unauthenticated attacker to inject malicious javascript that will trigger in the plugins admin panel with statistics of the created short link.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2023-09-11T19:46:09.500Z
Updated: 2024-08-02T07:24:04.243Z
Reserved: 2023-08-10T12:56:23.278Z
Link: CVE-2023-4294
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-09-11T20:15:11.973
Modified: 2024-11-21T08:34:48.073
Link: CVE-2023-4294
Redhat
No data.