cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches forwps-visitor-counter wps-visitor-counter

Direction: ascending
Apr 28, 2026

WPS Visitor Counter Plugin # CVE-2025-9116

CVE, Research URL

CVE-2025-9116

Home page URL

Security reports for WPS Visitor Counter Plugin

Application

WPS Visitor Counter Plugin

Date
Dec 13, 2025
Research Description
The WPS Visitor Counter WordPress plugin through 1.4.8 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers.
Affected versions
max 1.4.8.
Status
vulnerable