Hugh Mungus Visitor Maps: Reflected Cross-Site Scripting in Visitor Maps

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.1

Hugh Mungus Visitor Maps: Reflected Cross-Site Scripting in Visitor Maps

CVE-2025-69389

Summary

A security issue in the Visitor Maps plugin can allow an attacker to inject malicious code into your website, potentially stealing user data or taking control of your site. This affects versions 1.2.6 and earlier. Update to a newer version to fix the issue.

Original title

Original description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hugh Mungus Visitor Maps Extended Referer Field visitor-maps-extended-referer-field allows Reflected XSS.This issue affects Visitor Maps Extended Referer Field: from n/a through <= 1.2.6.

nvd CVSS3.1 7.1

Vulnerability type

CWE-79 Cross-site Scripting (XSS)

https://patchstack.com/database/Wordpress/Plugin/visitor-maps-extended-referer-f...

Published: 20 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026