CVE•Published 2026-02-18•1 article on news•6 live references•NVD data
CVE-2026-1277
Vulnerability data via CVEDB (Shodan)
CVSS v3.1
4.7
MEDIUM
EPSS percentile
44
Exploit Prediction Scoring System · top 56% of all CVEs
Description
The URL Shortify plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.12.1 due to insufficient validation on the 'redirect_to' parameter in the promotional dismissal handler. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites via a crafted link.
Timeline
Published 2026-02-18
External references
Search for exposed instances
Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).
More intel sources (5)
Shodan report
vuln:CVE-2026-1277Country / ASN / product breakdown for the vuln query.
Censys
vulnerabilities.cve_id: CVE-2026-1277Censys host search filtered to this CVE id.
grep.app
CVE-2026-1277Public source-code mentions — fast PoC discovery.
GitHub code
CVE-2026-1277GitHub code search for direct mentions.
Google dork
"CVE-2026-1277" exploit -site:nvd.nist.govWrite-ups and news, NVD excluded.
Known PoCs on GitHub (3)
CVE-2026-12773 repos
superiorlu/AITreasureBoxRuby
🤖 Automatically collected AI repos, tools, websites, papers & tutorials. 实用AI百宝箱 💎
Agent-Threat-Rule/agent-threat-rulesTypeScript
Open detection standard -- like Sigma, but for AI agents. 425 rules, shipped in Microsoft AGT, Cisco AI Defense, MISP, OWASP A-S-R-H. 97.1% recall on NVIDIA garak. NIST OSCAL Path …
hiifong/starListPython
Export your star's repository list