WordPress plugin WassUp Real Time Analytics security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability in the WordPress...

PT-2023-32239 · WordPress · Wassup Real Time Analytics

Name of the Vulnerable Software and Affected Versions: WassUp Real Time Analytics WordPress plugin versions 1.9.4.5 and earlier Description: The issue allows unauthenticated users to perform Stored XSS attacks against logged in admins. This is due to the plugin not escaping IP address provided vi...

WassUp Real Time Analytics <= 1.9.4.5 - Unauthenticated Stored XSS

Description The plugin does not escape IP address provided via some headers before outputting them back in an admin page, allowing unauthenticated users to perform Stored XSS attacks against logged in admins wget --header="X-Forwarded-For: " https://example.com -q -O- The XSS will be triggered wh...

WordPress WassUp Real Time Analytics 1.9 Plugin - Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Source: https://sumofpwn.nl/advisory/2016/persistentcrosssitescriptinginwassuprealtimeanalyticswordpressplugin.html Persistent Cross-Site Scripting in WassUp Real Time Analytics WordPress Plugin Abstract A stored Cross-Site Scripting XSS...

WassUp 1.4.3 - (spy.php to_date) SQL Injection Exploit

The WassUp Real Time Analytics WordPress plugin was affected by a spy.php todate SQL Injection Exploit security vulnerability...