Description

WordPress Plugin Shortlinks by Pretty Links-Best WordPress Link Tracking is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress Plugin Shortlinks by Pretty Links-Best WordPress Link Tracking version 1.6.7 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 1.6.8 or latest

References

http://cinu.pl/research/wp-plugins/mail_9ca443a3759e5c7fd889ae0e02e044e6.html

https://wordpress.org/plugins/pretty-link/changelog/

Related Vulnerabilities

WordPress Plugin Happy Addons for Elementor Pro Cross-Site Scripting (1.16.0)

PostgreSQL Improper Input Validation Vulnerability (CVE-2019-10210)

WordPress Plugin NextGEN Gallery-WordPress Gallery 'nggallery-manage-gallery' HTML Injection (0.96)

WordPress Plugin WP Cerber Security, Anti-spam & Malware Scan Cross-Site Request Forgery (2.0.1.6)

WordPress Plugin Booster for WooCommerce Cross-Site Scripting (5.6.1)

Severity

High

Classification

CWE-89 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update SQL Injection