Stored XSS and CSV injection vulnerabilities in WordPress Shortlinks by Pretty Links plugin.