WordPress HandL UTM Grabber / Tracker plugin <= 2.8.0 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Alex Tselevich nos3curity in WordPress Plugin HandL UTM Grabber versions = 2.8.0...

CVE-2025-13072

The HandL UTM Grabber / Tracker WordPress plugin before 2.8.1 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2025-13073

The HandL UTM Grabber / Tracker WordPress plugin before 2.8.1 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

EUVD-2025-202398

The HandL UTM Grabber / Tracker WordPress plugin before 2.8.1 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2025-13073

The HandL UTM Grabber / Tracker WordPress plugin before 2.8.1 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2025-13073

CVE-2025-13073 refers to the HandL UTM Grabber / Tracker WordPress plugin (versions before 2.8.1). The issue is a Reflected Cross‑Site Scripting flaw where a parameter is output without proper sanitization/escaping, enabling an attacker to potentially affect high‑privilege users (e.g., admin). Af...

CVE-2025-13073 HandL UTM Grabber / Tracker < 2.8.1 - Reflected XSS via handl_landing_page

The HandL UTM Grabber / Tracker WordPress plugin before 2.8.1 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2025-13072 HandL UTM Grabber / Tracker < 2.8.1 - Reflected XSS via utm_source

The HandL UTM Grabber / Tracker WordPress plugin before 2.8.1 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2025-13072

The HandL UTM Grabber / Tracker WordPress plugin (versions prior to 2.8.1) is affected by CVE-2025-13072 due to improper sanitization/escaping of a parameter before it is reflected back on the page, enabling a Reflected XSS that could target high-privilege users such as admins. The issue is confi...

CVE-2025-13072 HandL UTM Grabber / Tracker < 2.8.1 - Reflected XSS via utm_source

The HandL UTM Grabber / Tracker WordPress plugin before 2.8.1 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

WordPress plugin HandL UTM Grabber / Tracker 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A security...

EUVD-2019-6693

Malware in sbrugna...

CVE-2019-15769

The handl-utm-grabber plugin before 2.6.5 for WordPress has CSRF via addoption and updateoption...

WordPress handl-utm-grabber cross-site request forgery vulnerability

WordPress is a blogging platform from the WordPress Foundation developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. handl-utm-grabber is a plugin used in it to add hidden fields to forms and capture UTM variables. A cross-site request forgery...

CVE-2019-15769

The handl-utm-grabber plugin before 2.6.5 for WordPress has CSRF via addoption and updateoption...

CVE-2019-15769

The handl-utm-grabber plugin before 2.6.5 for WordPress has CSRF via addoption and updateoption...

Cross site request forgery (csrf)

The handl-utm-grabber plugin before 2.6.5 for WordPress has CSRF via addoption and updateoption...

CVE-2019-15769

The CVE-2019-15769 entry concerns the WordPress plugin HandL UTM Grabber, affected prior to version 2.6.5. The vulnerability is described as a cross-site request forgery (CSRF) via add_option and update_option, effectively an authenticated option change vulnerability. Root cause details across so...

CVE-2019-15769

The handl-utm-grabber plugin before 2.6.5 for WordPress has CSRF via addoption and updateoption...

WordPress HandL UTM Grabber plugin <= 2.6.4 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability found in WordPress HandL UTM Grabber plugin versions = 2.6.4. Solution Update the WordPress HandL UTM Grabber plugin to the latest available version at least 2.6.5...