Description

The WPS Visitor Counter Plugin WordPress plugin through 1.4.8 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers.

INFO

Published Date :

2025-12-13T06:00:08.052Z

Last Modified :

2025-12-13T22:55:27.047Z

Source :

WPScan
AFFECTED PRODUCTS

The following products are affected by CVE-2025-9116 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-9116.

URL Resource
https://wpscan.com/vulnerability/fe2eb926-96e8-419e-bf41-5531546e6590/ cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System