cleantalk
Vulnerabilities and Security Researches

WPS Visitor Counter Plugin, CVE-2025-9116

CVE, Research URL

CVE-2025-9116

Home page URL

Security reports for WPS Visitor Counter Plugin

Application

WPS Visitor Counter Plugin

Published on
Dec 13, 2025
Research Description
The WPS Visitor Counter WordPress plugin through 1.4.8 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers.
Affected versions
max 1.4.8.
Status
vulnerable
Previous vulnerability researches
WPS Visitor Counter Plugin (CVE-2025-9116) , Apr 28, 2026
New vulnerability
Booking Package (CVE-2026-4911) , Apr 29, 2026
Templately – Gutenberg & Elementor Template Library: 5000+ Free & Pro Ready Templates & Cloud! (CVE-2026-42379) , Apr 28, 2026
WPIDE – File Manager & Code Editor , Apr 28, 2026
UiCore Animate , Apr 28, 2026
WP Booking Calendar , Apr 28, 2026