CVE-2023-3129
URL Shortify < 1.7.0 - Admin+ Cross Site ScriptingThe URL Shortify WordPress plugin before 1.7.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
We have discovered 196 live websites that are affected by CVE-2023-3129.
Affected Software
| Product |  Url Shortify |
| Category | Wordpress Plugins |
| Vulnerable Domains | 196 live websites (4.27% of Url Shortify install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 27 versions ( 35% of all versions) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')Details
- Published - Jul 10, 2023
- Updated - Nov 12, 2024
Credits
- Bob Matyas (finder)
- WPScan (coordinator)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2023-3129 United States | 48 websites |
 Germany | 32 websites |
 France | 16 websites |
 Russia | 8 websites |
 Italy | 7 websites |
 Poland | 6 websites |
 Iran | 6 websites |
 Brazil | 6 websites |
 Canada | 5 websites |
 Spain | 5 websites |
Website Distribution by TLD
Number of websites using CVE-2023-3129| .com | 81 websites |
| .de | 14 websites |
| .org | 14 websites |
| .net | 10 websites |
| .ru | 5 websites |
| .it | 4 websites |
| .at | 3 websites |
| .fr | 3 websites |
| .com.br | 3 websites |
| .cz | 3 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2023-3129
Top websites that are affected by CVE-2023-3129. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***************.de | Germany | **,*** | |
| ******.com | Germany | ***,*** | |
| **************.pro | Poland | ***,*** | |
| ***********.com | Canada | ***,*** | |
| ************.*******.com | France | *,***,*** | |
| *******.de | Germany | *,***,*** | |
| ************.pl | Poland | *,***,*** | |
| *********.de | Germany | *,***,*** | |
| *****.md | United States | *,***,*** | |
| **********.***.vn |  Vietnam | *,***,*** |
FAQ
CVE-2023-3129 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Url Shortify
A total of 196 websites have been identified as vulnerable to CVE-2023-3129, based on global website indexing conducted by WebTechSurvey.
The Url Shortify is affected by the CVE-2023-3129 vulnerability.
Url Shortify versions up to 1.7 are vulnerable to CVE-2023-3129.
CVE-2023-3129 is resolved in version 1.7 of Url Shortify.