CVE-2025-9116 | WPS Visitor Counter Plugin up to 1.4.8 on WordPress $_SERVER[‘REQUEST_URI’] cross site scripting

A vulnerability was found in WPS Visitor Counter Plugin up to 1.4.8 on WordPress and classified as problematic. Affected is an unknown function. Such manipulation of the argument $_SERVER[‘REQUEST_URI’] leads to cross site scripting.

This vulnerability is listed as CVE-2025-9116. The attack may be performed from remote. There is no available exploit.VulDB Recent EntriesRead More