PT-2025-50305 · WordPress · Handl Utm Grabber / Tracker
Alex Tselevich · Published 2025-12-10 · Updated 2025-12-15
CVE-2025-13072
CVSS v3.1: 7.1 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
HandL UTM Grabber / Tracker WordPress plugin versions prior to 2.8.1
Description
The HandL UTM Grabber / Tracker WordPress plugin is vulnerable to Reflected Cross-Site Scripting. A parameter is not properly sanitized and escaped before being displayed on the page, so user-supplied input can be used to inject malicious scripts that execute within the context of a legitimate user's session. Successful exploitation could potentially target users with high privileges, such as administrators.
Recommendations
Update the HandL UTM Grabber / Tracker WordPress plugin to version 2.8.1 or later.
Affected Products
Handl Utm Grabber / Tracker