← Back

0mk Shortener Project

0mk_shortener_project

2 CVEs • 1 product

Products (1)

Click to collapse
Toggle
0mk Shortener
0mk_shortener

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
10mk Shortener Project
10mk Shortener
Jun 17, 2026
Apr 23, 2023
N/A· v4
4.8 MEDIUM· v3
N/A· v2
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Boris Kuzmanov 0mk Shortener plugin <= 0.2 versions.
10mk Shortener Project
10mk Shortener
Jun 17, 2026
Feb 6, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
The 0mk Shortener plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the zeromk_options_page function. This mak...Show more
The 0mk Shortener plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the zeromk_options_page function. This makes it possible for unauthenticated attackers to inject malicious web scripts via the 'zeromk_user' and 'zeromk_apikluc' parameters through a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less