Volerion logoVolerion
Volerion logoVolerion

Image Hover Effects Ultimate WordPress Plugin Reflected Cross-Site Scripting Vulnerability

Vulnerability

A reflected cross-site scripting vulnerability has been identified in the Image Hover Effects Ultimate WordPress plugin, affecting versions prior to 9.7.1. The issue arises because the plugin fails to properly escape the effects parameter before displaying it in an attribute on an admin page.

Impact

Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.

Reproduction

To reproduce this vulnerability, navigate to the WordPress admin panel and access the Image Hover Effects Ultimate support page. Append the effects parameter with a crafted value that includes JavaScript, such as an animation style directive that triggers an alert. The injected script will execute, demonstrating the cross-site scripting vulnerability.

Remediation

Users are advised to update the Image Hover Effects Ultimate WordPress plugin to version 9.7.1 or later.

Added: Apr 7, 2026, 11:19 AM
Updated: Apr 7, 2026, 11:19 AM

Vulnerability Rating

Custom Algorithm
spread
3.4
impact
5.4
exploitability
7.7
remediation
7.7
relevance
0.0
threat
6.4
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.