cleantalk
Vulnerabilities and Security Researches

Injection Guard, CVE-2025-8046

CVE, Research URL

CVE-2025-8046

Home page URL

Security reports for Injection Guard

Application

Injection Guard

Published on
Aug 14, 2025
Research Description
The Injection Guard WordPress plugin before 1.2.8 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers
Affected versions
Min -, max 1.2.8.
Status
vulnerable
Previous vulnerability researches
12 Step Meeting List (CVE-2025-24582) , Jan 26, 2025
12 Step Meeting List (CVE-2025-24580) , Jan 26, 2025
12 Step Meeting List (CVE-2023-46641) , Jun 07, 2024
12 Step Meeting List (CVE-2024-35693) , Jun 10, 2024
12 Step Meeting List (CVE-2025-24583) , Apr 19, 2025
New vulnerability
Surbma | Recent Comments Shortcode (CVE-2025-7649) , Aug 17, 2025
Print My Blog – Print, PDF, & eBook Converter WordPress Plugin (CVE-2025-54740) , Aug 17, 2025
MDTF – Meta Data and Taxonomies Filter (CVE-2025-54707) , Aug 17, 2025
StoryChief (CVE-2025-7441) , Aug 17, 2025
Woocommerce Blocks – Woolook (CVE-2024-8393) , Aug 17, 2025