Cross-site Scripting Vulnerability in KaizenCoders URL Shortify Plugin for WordPress
CVE-2025-32134
5.9MEDIUM
What is CVE-2025-32134?
A Cross-site Scripting (XSS) vulnerability exists in the KaizenCoders URL Shortify plugin for WordPress. This flaw allows malicious users to inject scripts into web pages that could result in stolen cookies, session tokens, or other sensitive information. Specifically, this vulnerability affects versions of URL Shortify from n/a to 1.10.4 and can be exploited via malicious input, resulting in stored XSS that can impact all users visiting the infected site.
Affected Version(s)
URL Shortify <= 1.10.4