Pretty Links Shortlinks Vulnerable to Cross-site Scripting (XSS)
CVE-2024-29770

7.1HIGH

Key Information:

Vendor: WordPress
Status: Shortlinks By Pretty Links
Vendor: CVE Published:; 27 March 2024

What is CVE-2024-29770?

A Cross-Site Scripting (XSS) vulnerability has been identified in Pretty Links Shortlinks, specifically affecting versions up to 3.6.2. This vulnerability allows attackers to inject and execute malicious scripts in the context of user sessions, leading to the potential theft of sensitive information or unauthorized actions performed in the victims’ browsers. Proper sanitization of user input is crucial to mitigate the risks associated with such vulnerabilities.

Affected Version(s)

Shortlinks by Pretty Links <= 3.6.2

References

https://patchstack.com/database/vulnerability/pretty-link...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 27, 2024
Vulnerability Reserved
Mar 19, 2024

Credit

Rafie Muhammad (Patchstack)