CVE-2025-8046
14.08.2025, 06:15
The Injection Guard WordPress plugin before 1.2.8 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsersEnginsight
Awaiting analysis
This vulnerability is currently awaiting analysis.