CVE-2022-25307

🗓️ 24 Feb 2022 18:27:12Reported by WordfenceType

cve🔗 web.nvd.nist.gov👁 80 Views🌐 WEB

The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting in versions up to and including 13.1.5

Reporter	Title	Published	Views	Family All 12
CNNVD	WordPress plugin WP Statistics 跨站脚本漏洞	24 Feb 202200:00	–	cnnvd
CNVD	WordPress and WordPress plugin cross-site scripting vulnerability	25 Feb 202200:00	–	cnvd
Cvelist	CVE-2022-25307 WP Statistics <= 13.1.5 Unauthenticated Stored Cross-Site Scripting via platform	24 Feb 202218:27	–	cvelist
EUVD	EUVD-2022-29991	3 Oct 202520:07	–	euvd
NVD	CVE-2022-25307	24 Feb 202219:15	–	nvd
OpenVAS	WordPress WP Statistics Plugin < 13.1.6 Multiple Vulnerabilities	8 Mar 202200:00	–	openvas
OSV	CVE-2022-25307	24 Feb 202219:15	–	osv
Patchstack	WordPress WP Statistics plugin <= 13.1.5 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability	17 Feb 202200:00	–	patchstack
Prion	Cross site scripting	24 Feb 202219:15	–	prion
RedhatCVE	CVE-2022-25307	6 Feb 202502:11	–	redhatcve

NVD

Vulners

Node

veronalabs wp_statisticsRange≤13.1.5wordpress

[
  {
    "product": "WP Statistics",
    "vendor": "WP Statistics",
    "versions": [
      {
        "lessThanOrEqual": "13.1.5",
        "status": "affected",
        "version": "13.1.5",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
plugins	www.plugins.trac.wordpress.org/changeset
gist	www.gist.github.com/Xib3rR4dAr/8090a6d026d4601083cff80aa80de7eb
wordfence	www.wordfence.com/vulnerability-advisories/

Parameter	Position	Path	Description	CWE
platform	path	~/includes/class-wp-statistics-hits.php	Cross-Site Scripting due to insufficient escaping and sanitization of the platform parameter in WP Statistics hits logic.	CWE-79

21 Nov 2024 06:51Current

6Medium risk

Vulners AI Score6

CVSS 24.3

CVSS 3.16.1 - 7.2

EPSS0.01161

SSVC

CWE-79

wp statistics wordpress plugin vulnerability cross-site scripting xss web scripts site administrators nvd