Query Monitor WordPress Plugin Vulnerable to Reflected XSS (CVE-2026-4267)
The Query Monitor WordPress plugin is vulnerable to reflected cross-site scripting (XSS) because it does not sufficiently sanitize, and does not escape on output, the request URI it reads from $_SERVER['REQUEST_URI']. This allows unauthenticated attackers to inject arbitrary web scripts into pages that a victim views.
The Query Monitor plugin for WordPress, a developer tool panel, is susceptible to a reflected cross-site scripting (XSS) vulnerability. Tracked as CVE-2026-4267, the flaw affects all versions up to and including 3.20.3. It arises because the plugin fails to adequately sanitize and escape the request URI taken from $_SERVER['REQUEST_URI'] before reflecting it into its output. Because the request URI is fully under the attacker's control, an unauthenticated attacker can craft a link that injects malicious web scripts into a page; as with any reflected XSS, the script runs in the browser of a user who follows that link, posing a threat to users who…
Detection coverage (2 rules)
Detect Query Monitor XSS Attempt via URI
Severity: medium. Detects potential XSS attacks targeting the Query Monitor plugin by monitoring the request URI for common XSS payloads.
Detect Query Monitor XSS Attempt via Request URI (Alternative)
Severity: medium. Detects potential XSS attacks targeting the Query Monitor plugin by monitoring the request URI for base64-encoded payloads, a common obfuscation technique.
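The two rules above are described but not shown. The following Python script is an added example of the same detection logic, written for this page; it is not the platform's rule and not Query Monitor code. It assumes Apache/Nginx combined-format access logs, percent-decodes the request URI (twice, to catch double encoding), checks it against a small set of XSS indicator patterns, and additionally decodes any base64-looking token in the URI and re-checks the decoded text, which is what the "base64 encoded payloads" rule targets. The log lines, the pattern list and all function names are constructed for the example.

```python
import base64
import binascii
import re
from urllib.parse import unquote

# Indicator patterns for reflected XSS in a request URI (chosen for this
# example; a production rule would be tuned to the target's real traffic).
XSS_PATTERNS = [
    ("script_tag", re.compile(r"<\s*script\b", re.I)),
    ("event_handler", re.compile(r"\bon[a-z]+\s*=", re.I)),      # onerror=, onload=, ...
    ("javascript_uri", re.compile(r"javascript\s*:", re.I)),
    ("html_tag", re.compile(r"<\s*(img|svg|iframe|body|object|embed)\b", re.I)),
]

# Runs of standard base64 alphabet long enough to carry a payload.
B64_RE = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")

# Combined log format: client IP, then "METHOD URI PROTOCOL" in quotes.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<uri>\S+)')

# Constructed sample access-log lines (not real traffic). Line 1 is benign;
# the others carry a plain, an attribute-based, a base64-encoded, a
# javascript: URI and a double-percent-encoded payload respectively.
B64_PAYLOAD = base64.b64encode(b"<script>alert(1)</script>").decode()
SAMPLE_LOG = f"""\
203.0.113.5 - - [10/Mar/2026:12:00:01 +0000] "GET /wp-admin/index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2026:12:00:02 +0000] "GET /?foo=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.8 - - [10/Mar/2026:12:00:03 +0000] "GET /index.php/%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.9 - - [10/Mar/2026:12:00:04 +0000] "GET /?q={B64_PAYLOAD} HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.10 - - [10/Mar/2026:12:00:05 +0000] "GET /?q=javascript:alert(1) HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.11 - - [10/Mar/2026:12:00:06 +0000] "GET /?x=%253Cscript%253Ealert(1)%253C%252Fscript%253E HTTP/1.1" 200 512 "-" "curl/8.0"
"""


def parse_request(line):
    """Return (client_ip, request_uri) for a combined-format line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), m.group("uri")


def normalize(uri):
    """Percent-decode up to twice so %253C (double-encoded '<') is caught."""
    current = uri
    for _ in range(2):
        decoded = unquote(current)
        if decoded == current:
            break
        current = decoded
    return current


def find_xss(text):
    """Names of the XSS indicator patterns that match the text."""
    return [name for name, pattern in XSS_PATTERNS if pattern.search(text)]


def decoded_base64_tokens(text):
    """Decode every base64-looking token; skip tokens that are not valid base64."""
    decoded = []
    for token in B64_RE.findall(text):
        try:
            raw = base64.b64decode(token, validate=True)
        except (binascii.Error, ValueError):
            continue
        decoded.append(raw.decode("utf-8", "ignore"))
    return decoded


def scan_log(log_text):
    """Return one finding per suspicious line: ip, raw URI and the (layer, pattern) hits."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_request(line)
        if parsed is None:
            continue
        ip, uri = parsed
        norm = normalize(uri)
        hits = {("uri", name) for name in find_xss(norm)}
        for plain in decoded_base64_tokens(norm):
            hits.update(("base64", name) for name in find_xss(plain))
        if hits:
            findings.append({"ip": ip, "uri": uri, "hits": sorted(hits)})
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding["ip"], finding["hits"], finding["uri"])
```

The benign first line produces no finding; the other five each produce one, and the base64 line is flagged only at the "base64" layer, which is the case the second rule exists for. The `\bon[a-z]+\s*=` pattern is deliberately broad and will match query parameters such as `only=`, so it is a medium-confidence indicator, like the rules it mirrors, rather than a blocking signature.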