Cross-site Scripting Vulnerability in Inspectlet User Session Recording and Heatmaps
CVE-2025-49048
5.9MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 14 August 2025
What is CVE-2025-49048?
A vulnerability exists in Inspectlet's User Session Recording and Heatmaps that allows for Stored Cross-site Scripting (XSS). This issue arises due to improper neutralization of input during web page generation, which can lead to malicious scripts being executed in the context of user sessions. Users running the affected versions should take immediate action to mitigate potential security risks. Implementing proper input validation and sanitization is crucial to prevent exploitation.
Affected Version(s)
Inspectlet – User Session Recording and Heatmaps <= 2.0