13 matches found
EUVD-2021-11081
Malware in sbrugna...
CVE-2021-24167
When visiting a site running Web-Stat 1.4.0, the "wtswebstatloadinit" function used the visitor’s browser to send an XMLHttpRequest request to https://wts2.one/ajax.htm?action=lookupWPaccount...
CVE-2021-24167
When visiting a site running Web-Stat 1.4.0, the "wtswebstatloadinit" function used the visitor’s browser to send an XMLHttpRequest request to https://wts2.one/ajax.htm?action=lookupWPaccount...
CVE-2021-24167
When visiting a site running Web-Stat 1.4.0, the "wtswebstatloadinit" function used the visitor’s browser to send an XMLHttpRequest request to https://wts2.one/ajax.htm?action=lookupWPaccount...
Design/Logic Flaw
When visiting a site running Web-Stat 1.4.0, the "wtswebstatloadinit" function used the visitor’s browser to send an XMLHttpRequest request to https://wts2.one/ajax.htm?action=lookupWPaccount...
CVE-2021-24167 Web-Stat < 1.4.1 - API Key Disclosure
When visiting a site running Web-Stat 1.4.0, the "wtswebstatloadinit" function used the visitor’s browser to send an XMLHttpRequest request to https://wts2.one/ajax.htm?action=lookupWPaccount...
CVE-2021-24167
CVE-2021-24167 affects WordPress Web-Stat plugins older than 1.4.1. The vulnerability stems from the wts_web_stat_load_init function, which causes the browser to request https://wts2.one/ajax.htm?action=lookup_WP_account. The request exposes the site’s wts_web_stat_uid via the pwpid parameter and...
Web-Stat 信息泄露漏洞
WordPress Web-Stat is a WordPress open source application. Takes all the content that can be detected and presents the results in clear, user-friendly charts and graphs. A security vulnerability exists in Web-Stat versions prior to 1.4.0 that stems from the wts web stat load init function using t...
WordPress Web-Stat plugin <= 1.4 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered by Ramuel Gall in WordPress Web-Stat plugin versions = 1.4. Solution Update the WordPress Web-Stat plugin to the latest available version at least 1.4.1...
Web-Stat < 1.4.1 - API Key Disclosure
When visiting a site running Web-Stat 1.4.0, the "wtswebstatloadinit" function used the visitor’s browser to send an XMLHttpRequest request to https://wts2.one/ajax.htm?action=lookupWPaccount. This request contained sensitive information such as the site’s “wtswebstatuid” which was sent in the...
PHP Web Stat 4.x.x Information Disclosure
======================================================================== | Title : php web stat v4.x.x information Disclosure vulnerability | Author : indoushka | email : [email protected] | Tested on : windows 10 FranASSais V.Pro | Version : all | Vendor : http://wmscripti.com/ | Dork :...
PHP Web Stat 4.5.03 Backdoor Account
======================================================================== | Title : php web stat v4.5.03 Backdoor account vulnerability | Author : indoushka | email : [email protected] | Tested on : windows 10 FranASSais V.Pro | Version : v4.5.03 | Vendor : http://wmscripti.com/ | Dork :...
PHP Web Stat 4.5.03 Cross Site Scripting
======================================================================== | Title : php web stat v4.5.03 xss vulnerability | Author : indoushka | email : [email protected] | Tested on : windows 10 FranASSais V.Pro | Version : v4.5.03 | Vendor : http://wmscripti.com/ | Dork : Copyright Ac 20...