Lucene search
K

110 matches found

OSV
OSV
added 2022/02/14 12:15 p.m.6 views

CVE-2022-0206

The NewStatPress WordPress plugin before 1.3.6 does not properly escape the whatX parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues...

6.1CVSS5.8AI score0.01446EPSS
Exploits2References1
Prion
Prion
added 2022/02/14 12:15 p.m.10 views

Cross site scripting

The NewStatPress WordPress plugin before 1.3.6 does not properly escape the whatX parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues...

4.3CVSS6.1AI score0.01446EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2022/02/14 9:21 a.m.26 views

CVE-2022-0206 NewStatPress < 1.3.6 - Reflected Cross-Site Scripting

The NewStatPress WordPress plugin before 1.3.6 does not properly escape the whatX parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues...

6.2AI score0.01446EPSS
Exploits2References1
CVE
CVE
added 2022/02/14 9:21 a.m.130 views

CVE-2022-0206

The CVE-2022-0206 case documents a vulnerability in the WordPress plugin NewStatPress prior to version 1.3.6. The issue arises because the plugin does not properly escape the whatX parameters before outputting them in HTML attributes, which enables reflected cross-site scripting (XSS). The connec...

6.1CVSS6.1AI score0.01446EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2022/02/14 12:0 a.m.30 views

WordPress和WordPress plugin 跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. cross-site scripting vulnerability exists in versions of WordPress NewStatPress plugin prior to 1.3.6. The vulnerabili...

6.1CVSS5.3AI score0.01446EPSS
Exploits2References2
wpexploit
wpexploit
added 2022/01/13 12:0 a.m.136 views

NewStatPress < 1.3.6 - Reflected Cross-Site Scripting

The plugin does not properly escape the whatX parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues https://example.com/wp-admin/admin.php?page=nspsearch&what1=%27+style%3Danimation-name%3Arotation+onanimationstart%3Dalert%28/XSS/%29+x...

6.1CVSS1.6AI score0.01446EPSS
Exploits2
Patchstack
Patchstack
added 2022/01/13 12:0 a.m.22 views

WordPress NewStatPress plugin <= 1.3.5 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Krzysztof Zając in WordPress NewStatPress plugin versions = 1.3.5. Solution Update the WordPress NewStatPress plugin to the latest available version at least 1.3.6...

6.1CVSS1.8AI score0.01446EPSS
Exploits2References3Affected Software1
WPVulnDB
WPVulnDB
added 2022/01/13 12:0 a.m.11 views

NewStatPress < 1.3.6 - Reflected Cross-Site Scripting

The plugin does not properly escape the whatX parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues PoC https://example.com/wp-admin/admin.php?page=nspsearch&what1;=%27+style%3Danimation-name%3Arotation+onanimationstart%3Dalert%28/XSS/%29+x...

6.1CVSS1.4AI score0.01446EPSS
Exploits2Affected Software1
CNVD
CNVD
added 2019/08/28 12:0 a.m.2 views

WordPress newstatpress plugin cross-site scripting vulnerability (CNVD-2019-30374)

WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. newstatpress is a plugin used in it for real-time statistics on blog visits. A cross-site scripting vulnerability exists in the...

6.1CVSS6.3AI score0.00915EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2019/08/27 12:0 a.m.26 views

WordPress NewStatPress Plugin < 1.0.5 Multiple Vulnerabilities

The WordPress plugin Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the...

6.6AI score
Exploits0References1
OpenVAS
OpenVAS
added 2019/08/27 12:0 a.m.19 views

WordPress NewStatPress Plugin < 1.0.4 XSS Vulnerability

The WordPress plugin Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the...

6.1CVSS6.4AI score0.00923EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2019/08/27 12:0 a.m.15 views

WordPress NewStatPress Plugin < 1.0.6 XSS Vulnerability

The WordPress plugin Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the...

6.1CVSS6.4AI score0.00923EPSS
Exploits0References1
NVD
NVD
added 2019/08/22 1:15 p.m.13 views

CVE-2017-18575

The newstatpress plugin before 1.2.5 for WordPress has multiple stored XSS issues...

6.1CVSS6.1AI score0.00915EPSS
Exploits0References1
OSV
OSV
added 2019/08/22 1:15 p.m.2 views

CVE-2017-18575

The newstatpress plugin before 1.2.5 for WordPress has multiple stored XSS issues...

6.1CVSS5.8AI score0.00915EPSS
Exploits0References1
Prion
Prion
added 2019/08/22 1:15 p.m.11 views

Cross site scripting

The newstatpress plugin before 1.2.5 for WordPress has multiple stored XSS issues...

4.3CVSS6AI score0.00915EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/08/22 12:59 p.m.14 views

CVE-2017-18575

The newstatpress plugin before 1.2.5 for WordPress has multiple stored XSS issues...

6.1AI score0.00915EPSS
Exploits0References1
CVE
CVE
added 2019/08/22 12:59 p.m.49 views

CVE-2017-18575

CVE-2017-18575 affects the WordPress plugin NewStatPress prior to version 1.2.5. The issue is multiple stored XSS flaws in the plugin, where unsanitized user-supplied data can be stored and later reflected in pages, enabling injection of client-side scripts. Public exploitation details are not pr...

6.1CVSS6AI score0.00915EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2019/08/15 12:0 a.m.6 views

WordPress newstatpress plugin cross-site scripting vulnerability (CNVD-2019-30372)

WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. newstatpress is a plugin used in it for real-time statistics on blog visits. A cross-site scripting vulnerability exists in the...

6.1CVSS6.3AI score0.01879EPSS
Exploits1References1
CNVD
CNVD
added 2019/08/15 12:0 a.m.2 views

WordPress newstatpress plugin cross-site scripting vulnerability (CNVD-2019-30376)

WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. newstatpress is a plugin used in it for real-time statistics on blog visits. A cross-site scripting vulnerability exists in the...

6.1CVSS6.3AI score0.00923EPSS
Exploits0References1
CNVD
CNVD
added 2019/08/15 12:0 a.m.2 views

WordPress newstatpress plugin SQL injection vulnerability (CNVD-2019-30377)

WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. newstatpress is a plugin used in it for real-time statistics on blog visits. A SQL injection vulnerability exists in the WordPress...

9.8CVSS8AI score0.01815EPSS
Exploits1References1
Rows per page
Query Builder