HandL UTM Grabber / Tracker
Moderate fix1 remedy
cpe:2.3:a:haktansuren:handl_utm_grabber:*:*:*:*:wordpress:*:*
Moderate fix1 remedy
- < 2.8.1
HandL UTM Grabber/Tracker WordPress Plugin Reflected Cross-Site Scripting Vulnerability
Vulnerability
Patched
A reflected cross-site scripting vulnerability has been identified in the HandL UTM Grabber/Tracker WordPress plugin, affecting versions prior to 2.8.1. The issue arises because the plugin fails to properly sanitize and escape a parameter before displaying it on the page. This vulnerability could be exploited against users with high privileges, such as administrators.
Impact
Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.
Reproduction
To reproduce this vulnerability, create a post as a contributor and include the vulnerable shortcode [handl_landing_page]. After publishing the post, retrieve its URL and append an XSS payload to an arbitrarily named parameter. When the URL is accessed, the injected script will execute, demonstrating the cross-site scripting vulnerability.
Remediation
Users are advised to update the HandL UTM Grabber/Tracker WordPress plugin to version 2.8.1 or later.
Added: Dec 10, 2025, 6:17 AM
Updated: Dec 10, 2025, 6:17 AM
Vulnerability Rating
Custom Algorithm
spread
1.0impact
1.7exploitability
7.9remediation
7.7relevance
1.4threat
6.4urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.