ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Simple Visitor Stat Plugin <= 4.5.2 BYPASS

Product
Simple Visitor Stat
Description
Because of these vulnerabilities, the attackers can inject arbitrary HTML or web script via the HTTP User-Agent or HTTP Referer header.
Solution
No fix have been released.
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
CVE Mitre
CVE
Name CVE-2014-9453
Versions
Affected In <= 1.0
Fixed In 1.1
Disclosure date
2015-01-02
Credits
Morten Nørtoft