Handl Utm Grabber
Monthly
Stored/reflected cross-site scripting in the HandL UTM Grabber WordPress plugin (versions 2.9.2 and earlier) allows remote unauthenticated attackers to inject malicious JavaScript that executes in a victim's browser after user interaction, per PR:N/UI:R in the CVSS vector. The scope-change flag (S:C) indicates injected script can affect resources beyond the vulnerable component, such as authenticated admin sessions. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV.
The handl-utm-grabber plugin before 2.6.5 for WordPress has CSRF via add_option and update_option. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Stored/reflected cross-site scripting in the HandL UTM Grabber WordPress plugin (versions 2.9.2 and earlier) allows remote unauthenticated attackers to inject malicious JavaScript that executes in a victim's browser after user interaction, per PR:N/UI:R in the CVSS vector. The scope-change flag (S:C) indicates injected script can affect resources beyond the vulnerable component, such as authenticated admin sessions. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV.
The handl-utm-grabber plugin before 2.6.5 for WordPress has CSRF via add_option and update_option. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.