ThreatPress

WordPress Vulnerabilities Database

Back

WordPress WP Statistics plugin <= 12.6.6.1 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Product
WP Statistics
Description
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability found by Antony Garand in WordPress WP Statistics plugin (version <= 12.6.6.1). The specific configuration needed for exploitation.
Solution
Update the WordPress WP Statistics plugin to the latest available version (at least 12.6.7).
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
Plugin changelog
CVE
Name CVE-N/A
Versions
Affected In <= 12.6.6.1
Fixed In 12.6.7
Disclosure date
2019-07-04
Credits
Antony Garand
Submitter
ThreatPress