Lucene search
China National Vulnerability DatabaseCNVD-2023-06867HistoryFeb 16, 2022 - 12:00 a.m.
WordPress NewStatPress plugin cross-site scripting vulnerability
2022-02-1600:00:00
China National Vulnerability Database
www.cnvd.org.cn
7
wordpress
newstatpress
cross-site scripting
vulnerability
versions 1.3.6
php
mysql
reflection
EPSS
0.001
Percentile
45.1%
WordPress is the Wordpress Foundation’s set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. cross-site scripting vulnerability exists in versions of WordPress NewStatPress plugin prior to 1.3.6. The vulnerability stems from the plugin’s failure to properly escape the whatX parameter before outputting it back to the property, which can be exploited by attackers to cause reflection cross-site scripting issues.
Related
prion
prion
Cross site scripting
2022-02-14 12:15:00
nvd
nvd
CVE-2022-0206
2022-02-14 12:15:16
cvelist
cvelist
CVE-2022-0206 NewStatPress < 1.3.6 - Reflected Cross-Site Scripting
2022-02-14 09:21:05
patchstack
patchstack
wpvulndb
wpvulndb
NewStatPress < 1.3.6 - Reflected Cross-Site Scripting
2022-01-13 00:00:00
wpexploit
wpexploit
NewStatPress < 1.3.6 - Reflected Cross-Site Scripting
2022-01-13 00:00:00
cve
cve
CVE-2022-0206
2022-02-14 12:15:16
nuclei
nuclei
WordPress NewStatPress <1.3.6 - Cross-Site Scripting
2023-03-18 22:07:09