momo Security Vulnerability Database

Multi-module data retrieval platform

CVE-2026-1277: URL Shortify <= 1.12.1 - Open Redirect

CVE: CVE-2026-1277
CNVD: Not available
CNNVD: Not available
Vulnerability type: SQL injection
Severity level: High
Year: 2026
POC_ID: Not available
Vulnerability description
The URL Shortify plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.12.1 due to insufficient validation on the 'redirect_to' parameter in the promotional dismissal handler. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites via a crafted link.

[Public]

id: CVE-2026-1277

info:
  name: URL Shortify <= 1.12.1 - Open Redirect
  author: Shivam Kamboj
  severity: medium
  description: |
    The URL Shortify plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.12.1 due to insufficient validation on the 'redirect_to' parameter in the promotional dismissal handler. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites via a crafted link.
  impact: |
    Unauthenticated attackers can redirect users to malicious sites, facilitating phishing or malware distribution.
  remediation: |
    Update to the latest version beyond 1.12.1.
  reference:
    - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/url-shortify/url-shortify-1121-unauthenticated-open-redirect-via-redirect-to-parameter
    - https://nvd.nist.gov/vuln/detail/CVE-2026-1
FOFA query
Not available
Affected scope
URL Shortify
Vulnerability details
POC: Public
Remediation advice
Not available