Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.10 views

CVE-2026-6275

The StatCounter – Free Real Time Visitor Stats plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.1 This is due to insufficient output escaping on the post author's nickname in the statcounteraddToTags function. The function is hooked to wphead...

6.4CVSS5.5AI score0.00305EPSS
Exploits0References1
NVD
NVD
added 2026/05/29 7:16 a.m.21 views

CVE-2026-6275

The StatCounter – Free Real Time Visitor Stats plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.1 This is due to insufficient output escaping on the post author's nickname in the statcounteraddToTags function. The function is hooked to wphead...

6.4CVSS0.00305EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/29 5:32 a.m.39 views

CVE-2026-6275 StatCounter <= 2.1.1 - Authenticated (Author+) Stored Cross-Site Scripting via Author Nickname

The StatCounter – Free Real Time Visitor Stats plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.1 This is due to insufficient output escaping on the post author's nickname in the statcounteraddToTags function. The function is hooked to wphead...

6.4CVSS0.00305EPSS
Exploits0References6
CVE
CVE
added 2026/05/29 5:32 a.m.16 views

CVE-2026-6275

CVE-2026-6275 : The StatCounter – Free Real Time Visitor Stats WordPress plugin is vulnerable in versions up to 2.1.1 due to insufficient output escaping in the statcounter_addToTags() function, which is hooked to wp_head. It retrieves the post author’s nickname with the_author_meta() and echoes ...

6.4CVSS6AI score0.00305EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/29 5:32 a.m.8 views

CVE-2026-6275

The StatCounter – Free Real Time Visitor Stats plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.1 This is due to insufficient output escaping on the post author's nickname in the statcounteraddToTags function. The function is hooked to wphead...

6.4CVSS5.8AI score0.00305EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/05/29 5:32 a.m.11 views

CVE-2026-6275 StatCounter <= 2.1.1 - Authenticated (Author+) Stored Cross-Site Scripting via Author Nickname

The StatCounter – Free Real Time Visitor Stats plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.1 This is due to insufficient output escaping on the post author's nickname in the statcounteraddToTags function. The function is hooked to wphead...

6.4CVSS6AI score0.00305EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.12 views

PT-2026-44751

The StatCounter – Free Real Time Visitor Stats plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.1 This is due to insufficient output escaping on the post author's nickname in the statcounter addToTags function. The function is hooked to wp he...

6.4CVSS6AI score0.00305EPSS
Exploits0References7
Rows per page
Query Builder