Lucene search
WPScanCVELIST:CVE-2015-10001HistoryNov 01, 2021 - 8:45 a.m.
CVE-2015-10001 WP-Stats < 2.5.2 - CSRF to Stored Cross-Site Scripting (XSS)
2021-11-0108:45:47
CWE-352
WPScan
www.cve.org
0.001 Low
EPSS
Percentile
31.1%
The WP-Stats WordPress plugin before 2.52 does not have CSRF check when saving its settings, and did not escape some of them when outputting them, allowing attacker to make logged in high privilege users change them and set Cross-Site Scripting payloads
CNA Affected
[
{
"product": "WP-Stats",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.52",
"status": "affected",
"version": "2.52",
"versionType": "custom"
}
]
}
]Related
cve
cve
CVE-2015-10001
2021-11-01 09:15:07
prion
prion
Cross site scripting
2021-11-01 09:15:00
nvd
nvd
CVE-2015-10001
2021-11-01 09:15:07