iTracker360 WordPress Plugin Cross-Site Request Forgery Leading to Stored Cross-Site Scripting Vulnerability
Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the iTracker360 plugin for WordPress, affecting all versions through 2.2.0. The vulnerability allows for Stored Cross-Site Scripting (XSS) due to the absence of nonce verification in the settings form submission, coupled with inadequate input sanitization and missing output escaping. This flaw enables unauthenticated attackers to inject arbitrary web scripts by sending a forged request, provided they can persuade an administrator to perform a specific action, such as clicking a link.
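For contrast, the following WordPress settings handler applies the three controls the advisory describes as absent (nonce verification on the form submission, input sanitization before storage, and output escaping on render). It is an added example, not code from the iTracker360 plugin; every `it360_*` function, option and field name is a hypothetical placeholder.

```php
<?php
// Added example, not the plugin's own code. All it360_* names are hypothetical.
add_action( 'admin_post_it360_save_settings', 'it360_save_settings' );

function it360_save_settings() {
    // Capability check: only users who may manage options can change settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', 403 );
    }

    // Nonce verification: a forged request from a third-party page cannot carry
    // the per-user, per-action nonce, so check_admin_referer() rejects it.
    check_admin_referer( 'it360_save_settings', 'it360_nonce' );

    // Input sanitization before the value reaches the database.
    $tracker_id = isset( $_POST['it360_tracker_id'] )
        ? sanitize_text_field( wp_unslash( $_POST['it360_tracker_id'] ) )
        : '';
    update_option( 'it360_tracker_id', $tracker_id );

    wp_safe_redirect( admin_url( 'options-general.php?page=it360&updated=1' ) );
    exit;
}

function it360_render_settings_form() {
    $tracker_id = get_option( 'it360_tracker_id', '' );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="it360_save_settings" />
        <?php wp_nonce_field( 'it360_save_settings', 'it360_nonce' ); ?>
        <label for="it360_tracker_id">Tracker ID</label>
        <!-- Output escaping: the stored value is escaped for the attribute context -->
        <input type="text" id="it360_tracker_id" name="it360_tracker_id"
               value="<?php echo esc_attr( $tracker_id ); ?>" />
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}
```

Each control closes a different gap: the nonce stops the cross-site submission, sanitization limits what can be stored, and escaping keeps any stored value from being rendered as script.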
Impact
Exploitation of this vulnerability allows for Cross-Site Scripting (XSS) attacks, where the injected scripts are executed in the browser of the user who views the affected page, in the context of that user's session.
Remediation
Users are advised to update the iTracker360 WordPress plugin to version 2.2.1 or a newer patched version.