URL Shortify allows attackers to make unauthorized requests to internal servers

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

5.5

URL Shortify allows attackers to make unauthorized requests to internal servers

CVE-2026-25385

Summary

A security bug in URL Shortify allows hackers to send fake requests to internal servers, potentially exposing sensitive data. This affects all versions of URL Shortify up to version 1.12.3. To stay secure, update to the latest version of the software.

Original title

Server-Side Request Forgery (SSRF) vulnerability in KaizenCoders URL Shortify url-shortify allows Server Side Request Forgery.This issue affects URL Shortify: from n/a through <= 1.12.3.

Original description

Server-Side Request Forgery (SSRF) vulnerability in KaizenCoders URL Shortify url-shortify allows Server Side Request Forgery.This issue affects URL Shortify: from n/a through <= 1.12.3.

nvd CVSS3.1 5.5

Vulnerability type

CWE-918 Server-Side Request Forgery (SSRF)

https://patchstack.com/database/Wordpress/Plugin/url-shortify/vulnerability/word...

Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026