Lucene search

Krzysztof ZającPATCHSTACK:579E4FC19E7FE9541F043F35780C0395

HistoryJan 31, 2022 - 12:00 a.m.

WordPress WP Visitor Statistics (Real Time Traffic) plugin <= 5.4 - Arbitrary IP Address Exclusion to Stored Cross-Site Scripting (XSS) vulnerability

2022-01-3100:00:00

Krzysztof Zając

patchstack.com

wordpress

visitor statistics

xss

vulnerability

krzysztof zając

update

5.5

plugin

ip address exclusion

stored cross-site scripting

EPSS

0.001

Percentile

24.8%

JSON

Arbitrary IP Address Exclusion to Stored Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress WP Visitor Statistics (Real Time Traffic) plugin (versions <= 5.4).

Solution

           Update the WordPress WP Visitor Statistics (Real Time Traffic) plugin to the latest available version (at least 5.5).

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25042

wordpress.org/plugins/wp-stats-manager/#developers

wpscan.com/vulnerability/05b9e478-2d3b-4460-88c1-7f81d3a68ac4

EPSS

0.001

Percentile

24.8%

JSON

Related for PATCHSTACK:579E4FC19E7FE9541F043F35780C0395