CVE-2025-9116 WPS Visitor Counter Plugin <= 1.4.8 - Reflected XSS via $_SERVER['REQUEST_URI']

The WPS Visitor Counter WordPress plugin through 1.4.8 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

PT-2025-51089

The WPS Visitor Counter Plugin WordPress plugin through 1.4.8 does not escape the $ SERVER'REQUEST URI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...