PT-2025-51089 · WordPress · Wps Visitor Counter Plugin
Bob Matyas · Published 2025-12-13 · Updated 2025-12-13
CVE-2025-9116
CVSS v3.1: 5.8 (Medium)
Vector: AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
WPS Visitor Counter Plugin versions through 1.4.8
Description
The plugin does not properly handle the $_SERVER['REQUEST_URI'] parameter before displaying it, potentially allowing for Reflected Cross-Site Scripting (XSS) in older web browsers. The vulnerable parameter is used in an attribute without proper escaping.
Recommendations
Update WPS Visitor Counter Plugin to a version later than 1.4.8.
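The flaw class named in the description, a request URI written into an HTML attribute without output encoding, is shown below beside its escaped form. This is an added illustration, not the plugin's source: the function names and the sample URI are constructed, and htmlspecialchars() stands in for WordPress's esc_attr()/esc_url() so the script runs outside WordPress.

```php
<?php
// Added illustration; not code from the WPS Visitor Counter plugin.
// All function names here are hypothetical.

// Unescaped pattern: the request URI is copied into an attribute value as-is,
// so a raw double quote in it ends the value early.
function render_unescaped(string $requestUri): string
{
    return '<a class="counter" href="' . $requestUri . '">stats</a>';
}

// Escaped pattern: encode for the HTML attribute context at output time.
// Inside WordPress the usual helpers are esc_url() or esc_attr();
// htmlspecialchars() is used here only to keep the script standalone.
function render_escaped(string $requestUri): string
{
    $safe = htmlspecialchars($requestUri, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a class="counter" href="' . $safe . '">stats</a>';
}

// Parse the markup the way a browser would and list the attributes that
// actually end up on the <a> element.
function attribute_names(string $html): array
{
    $doc = new DOMDocument();
    $doc->loadHTML($html, LIBXML_NOERROR | LIBXML_NOWARNING);
    $anchor = $doc->getElementsByTagName('a')->item(0);
    $names = [];
    foreach ($anchor->attributes as $attr) {
        $names[] = $attr->name;
    }
    return $names;
}

// Constructed sample: a URI carrying an unencoded double quote and a
// harmless marker attribute, standing in for $_SERVER['REQUEST_URI'].
$uri = '/page/?ref=x" data-injected="1';

echo "unescaped: ", implode(', ', attribute_names(render_unescaped($uri))), PHP_EOL;
echo "escaped:   ", implode(', ', attribute_names(render_escaped($uri))), PHP_EOL;
```

An extra attribute name in the first line of output means the value escaped its quotes; the same comparison can be used as a regression check on any template that echoes the request URI.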
Affected Products
Wps Visitor Counter Plugin