CVE-2023-4294
Description
The URL Shortify WordPress plugin before 1.7.6 does not properly escape the value of the Referer header, allowing an unauthenticated attacker to inject malicious JavaScript that triggers in the plugin's admin panel, on the statistics page of the created short link.
NVD
Severity: MEDIUM
CVE ID: CVE-2023-4294
CVSS Score: 6.1
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Proof Of Concept
b0marek
Repository for CVE-2023-4294 vulnerability.
Reference: GitHub