Skip to main content

Simple Urls

6 CVEs product

Monthly

CVE-2026-57762 MEDIUM This Month

Stored Cross-Site Scripting in the Simple URLs WordPress plugin (versions <= 151) allows authenticated author-level users to inject persistent malicious scripts into content rendered in the WordPress admin interface. The CVSS Scope:Changed metric indicates the injected payload executes in a security context beyond the attacker's own session - most likely the administrative dashboard viewed by higher-privileged users such as site administrators. No public exploit code or active exploitation confirmed at time of analysis, but the scope change introduces a realistic privilege escalation path from author to administrator via session hijacking.

XSS Simple Urls
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-40674 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lasso Simple URLs - Link Cloaking, Product Displays, and Affiliate Link Management allows Stored. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Simple Urls
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-45606 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Lasso Simple URLs plugin <= 120 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Simple Urls
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-40667 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Simple Urls
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-0099 MEDIUM POC This Month

The Simple URLs WordPress plugin before 115 does not sanitise and escape some parameters before outputting them back in some pages, leading to Reflected Cross-Site Scripting which could be used. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Simple Urls
NVD WPScan
CVSS 3.1
6.1
EPSS
1.7%
CVE-2023-0098 HIGH POC This Week

The Simple URLs WordPress plugin before 115 does not escape some parameters before using them in various SQL statements used by AJAX actions available by any authenticated users, leading to a SQL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Simple Urls
NVD WPScan
CVSS 3.1
8.8
EPSS
0.9%
EPSS 0% CVSS 5.9
MEDIUM This Month

Stored Cross-Site Scripting in the Simple URLs WordPress plugin (versions <= 151) allows authenticated author-level users to inject persistent malicious scripts into content rendered in the WordPress admin interface. The CVSS Scope:Changed metric indicates the injected payload executes in a security context beyond the attacker's own session - most likely the administrative dashboard viewed by higher-privileged users such as site administrators. No public exploit code or active exploitation confirmed at time of analysis, but the scope change introduces a realistic privilege escalation path from author to administrator via session hijacking.

XSS Simple Urls
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lasso Simple URLs - Link Cloaking, Product Displays, and Affiliate Link Management allows Stored. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Simple Urls
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Lasso Simple URLs plugin <= 120 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Simple Urls
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Simple Urls
NVD
EPSS 2% CVSS 6.1
MEDIUM POC This Month

The Simple URLs WordPress plugin before 115 does not sanitise and escape some parameters before outputting them back in some pages, leading to Reflected Cross-Site Scripting which could be used. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Simple Urls
NVD WPScan
EPSS 1% CVSS 8.8
HIGH POC This Week

The Simple URLs WordPress plugin before 115 does not escape some parameters before using them in various SQL statements used by AJAX actions available by any authenticated users, leading to a SQL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Simple Urls
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy