CVE-2026-25385
WordPress URL Shortify plugin <= 1.12.3 - Server Side Request Forgery (SSRF) vulnerabilityServer-Side Request Forgery (SSRF) vulnerability in KaizenCoders URL Shortify url-shortify allows Server Side Request Forgery.This issue affects URL Shortify: from n/a through <= 1.12.3.
We have discovered 2,551 live websites that are affected by CVE-2026-25385.
Affected Software
| Product |  Url Shortify |
| Category | Wordpress Plugins |
| Vulnerable Domains | 2,551 live websites (56% of Url Shortify install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 69 versions ( 90% of all versions) |
Details
- Published - Feb 19, 2026
- Updated - Apr 1, 2026
Credits
- Jitlada | Patchstack Bug Bounty Program (finder)
CVE References
Website Distribution by Country
Number of websites using CVE-2026-25385 United States | 852 websites |
 Germany | 342 websites |
 GB | 114 websites |
 France | 94 websites |
 Iran | 93 websites |
 Poland | 61 websites |
 Italy | 59 websites |
 Canada | 57 websites |
 Russia | 53 websites |
 Brazil | 50 websites |
Website Distribution by TLD
Number of websites using CVE-2026-25385| .com | 1,010 websites |
| .org | 199 websites |
| .de | 192 websites |
| .net | 82 websites |
| .co.uk | 49 websites |
| .pl | 42 websites |
| .com.br | 42 websites |
| .ru | 41 websites |
| .it | 41 websites |
| .fr | 40 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2026-25385
Top websites that are affected by CVE-2026-25385. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *****.org | United States | **,*** | |
| ****.***.edu | United States | **,*** | |
| ***************.de | Germany | **,*** | |
| *******************.com | United States | **,*** | |
| *********.net | United States | **,*** | |
| ****.org | United States | **,*** | |
| ********************.com |  Bulgaria | **,*** | |
| **********.com | United States | **,*** | |
| ****.**.cy | United States | ***,*** | |
| ****.org | GB | ***,*** |
FAQ
A total of 2,551 websites have been identified as vulnerable to CVE-2026-25385, based on global website indexing conducted by WebTechSurvey.
The Url Shortify is affected by the CVE-2026-25385 vulnerability.
Url Shortify versions up to and including 1.12.3 are vulnerable to CVE-2026-25385.