Summary: A critical Cross-Site Scripting (XSS) vulnerability (CVE-2024-2194) in WP Statistics plugin, allowing attackers to inject malicious code via the URL parameter. With over 600,000 installations, the flaw poses severe risks, enabling unauthorized script execution and potential data theft or site compromise. Update promptly to patched versions to prevent potential exploitation. Threat Level - Red | Vulnerability Report For a detailed threat advisory, download the pdf file here To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn.