CVE-2026-1277
π‘ MEDIUMThe URL Shortify plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.12.1 due to insufficient validation on the 'redirect_to' parameter in the promotional dismi...
Description
Request Expert ReviewThe URL Shortify plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.12.1 due to insufficient validation on the 'redirect_to' parameter in the promotional dismissal handler. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites via a crafted link.
CVSS Scores
References
Additional Information
- Source
- security@wordfence.com
- State
- Received
Related CVEs
CVE-2026-2576
HIGHThe Business Directory Plugin β Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'payment...
CVE-2026-1931
HIGHThe Rent Fetch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'keyword' parameter in all versions up to, and including, 0.3...
CVE-2026-1925
MEDIUMThe EmailKit β Email Customizer for WooCommerce & WP plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability...
CVE-2026-1714
HIGHThe ShopLentor β WooCommerce Builder for Elementor & Gutenberg +21 Modules β All in One Solution plugin for WordPress is vulnerable to Email Relay Abu...
CVE-2026-1296
MEDIUMThe Frontend Post Submission Manager Lite plugin for WordPress is vulnerable to Open Redirection in all versions up to, and including, 1.2.7 due to in...
CVE-2025-6460
MEDIUMThe Display During Conditional Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the βmessageβ parameter in all versions...
Share CVE-2026-1277
Share on Social Media
Copy Link
Embed Code
Request Expert Analysis
Request a professional security analysis for CVE-2026-1277 from our verified experts.
Credits System
Use your credits to get expert analysis from verified security professionals. Purchase more credits anytime!