Handl Utm Grabber Tracker
by WordPress
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-15769 | Hig | 0.57 | 8.8 | 0.01 | Aug 29, 2019 | The handl-utm-grabber plugin before 2.6.5 for WordPress has CSRF via add_option and update_option. | ||
| CVE-2025-13073 | Hig | 0.46 | 7.1 | 0.00 | Dec 10, 2025 | The HandL UTM Grabber / Tracker WordPress plugin before 2.8.1 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||
| CVE-2025-13072 | Hig | 0.46 | 7.1 | 0.00 | Dec 10, 2025 | The HandL UTM Grabber / Tracker WordPress plugin before 2.8.1 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. |
- risk 0.57cvss 8.8epss 0.01
The handl-utm-grabber plugin before 2.6.5 for WordPress has CSRF via add_option and update_option.
- risk 0.46cvss 7.1epss 0.00
The HandL UTM Grabber / Tracker WordPress plugin before 2.8.1 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
- risk 0.46cvss 7.1epss 0.00
The HandL UTM Grabber / Tracker WordPress plugin before 2.8.1 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.