CVE-2025-32134

WordPress URL Shortify Plugin <= 1.10.5.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KaizenCoders URL Shortify url-shortify allows Stored XSS.This issue affects URL Shortify: from n/a through <= 1.10.5.1.

We have discovered 918 live websites that are affected by CVE-2025-32134.

Run a Free Instant Scan



Affected Software

Product  Url Shortify
Category Wordpress Plugins
Vulnerable Domains918 live websites (20% of Url Shortify install base)
Vulnerable Versions
  • from 0 through 1.10.5.1
Vulnerable Versions Count57 versions ( 74% of all versions)



Details

  • Published - Apr 4, 2025
  • Updated - Apr 1, 2026

Credits

  • Malvin Valerian Gultom | Patchstack Bug Bounty Program (finder)

Website Distribution by Country

Number of websites using CVE-2025-32134
United States291 websites


Germany123 websites
GB42 websites
France40 websites
Iran37 websites
Russia32 websites
Poland31 websites
Spain25 websites
Italy24 websites
Canada18 websites

Website Distribution by TLD

Number of websites using CVE-2025-32134
.com373 websites
.de63 websites
.org60 websites
.net32 websites
.ru24 websites
.pl23 websites
.it20 websites
.co.uk18 websites
.nl12 websites
.fr12 websites

Vulnerable Versions

Vulnerable versions are highlighted in red

Websites affected by CVE-2025-32134

Top websites that are affected by CVE-2025-32134. Please click on the "Contact us" link to get more information.
DomainCountryRankContacts
*****.org United States**,***
***************.de Germany**,***
****.org United States**,***
******.com Germany***,***
***.***.ua Ukraine***,***
*******.ir Iran***,***
***.tv United States***,***
*************.de Germany***,***
**************.pro Poland***,***
****.********.com United States***,***
See full domain list

FAQ

A total of 918 websites have been identified as vulnerable to CVE-2025-32134, based on global website indexing conducted by WebTechSurvey.
The Url Shortify is affected by the CVE-2025-32134 vulnerability.
Url Shortify versions up to and including 1.10.5.1 are vulnerable to CVE-2025-32134.