What the vulnerability does
01 Description
Missing Authorization vulnerability in Blair Williams Shortlinks by Pretty Links (pretty-link) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shortlinks by Pretty Links: from n/a through <= 3.6.15.
Explanation of Vulnerability in Simple Terms
02 Summary
Shortlinks by Pretty Links versions 3.6.15 and earlier lack proper authorization checks, allowing authenticated users with low privileges to modify shortlink data they should not have access to. The vulnerability requires a valid WordPress account but does not require administrator rights. Integrity of shortlink records can be compromised, though confidentiality and availability are not directly affected.
What an attacker can do
03 Attacker Capabilities
Modify shortlinks created by other users or change shortlink settings without proper authorization.
Potential impact on your site
04 Site Impact
Shortlinks may be altered or redirected by unauthorized users, potentially breaking links or redirecting traffic maliciously.
Conditions required to exploit
05 Prerequisites
Attacker must have a valid WordPress user account with at least low-level privileges.
Key dates
06 Disclosure timeline
May 19, 2025: CVE published
April 28, 2026: Record updated