
CVE-2023-4294

Description

The URL Shortify WordPress plugin before 1.7.6 does not properly escape the value of the Referer header, allowing an unauthenticated attacker to inject malicious JavaScript that will trigger in the plugin's admin panel with statistics of the created short link.

NVD
Severity: MEDIUM
CVE ID: CVE-2023-4294
CVSS Score: 6.1
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Reference: NVD, MITRE

Proof Of Concept

b0marek

Repository for CVE-2023-4294 vulnerability.

Reference: GitHub