CVE-2025-12684
EUVD-2025-20333915.12.2025, 06:15
The URL Shortify WordPress plugin before 1.11.3 does not sanitize and escape a parameter before outputting it back in the page, leading to a reflected cross site scripting, which could be used against high-privilege users such as admins.Enginsight
Awaiting analysis
This vulnerability is currently awaiting analysis.