Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
4.7
WordPress URL Shortify plugin can redirect users to malicious sites
CVE-2026-1277
Summary
The URL Shortify plugin for WordPress has a security flaw that allows attackers to trick users into visiting fake websites. This can happen when a user clicks on a suspicious link. Update the plugin to the latest version to fix the issue.
Original title
The URL Shortify plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.12.1 due to insufficient validation on the 'redirect_to' parameter in the promotional di...
Original description
The URL Shortify plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.12.1 due to insufficient validation on the 'redirect_to' parameter in the promotional dismissal handler. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites via a crafted link.
nvd CVSS3.1
4.7
Vulnerability type
CWE-601
Open Redirect
Published: 18 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026