Open Redirect Vulnerability in URL Shortify Plugin for WordPress
CVE-2026-1277
4.7MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 18 February 2026
What is CVE-2026-1277?
The URL Shortify plugin for WordPress suffers from an Open Redirect vulnerability due to inadequate validation of the 'redirect_to' parameter within its promotional dismissal handler. This flaw allows unauthorized attackers to create deceptive links that redirect unsuspecting users to potentially harmful websites. As such, it poses a significant risk by facilitating phishing attacks and increasing exposure to security threats.
Affected Version(s)
URL Shortify – Simple and Easy URL Shortener 0 <= 1.12.1