3 matches found
CVE-2021-24167
When visiting a site running Web-Stat 1.4.0, the "wtswebstatloadinit" function used the visitor’s browser to send an XMLHttpRequest request to https://wts2.one/ajax.htm?action=lookupWPaccount...
CVE-2021-24167
When visiting a site running Web-Stat 1.4.0, the "wtswebstatloadinit" function used the visitor’s browser to send an XMLHttpRequest request to https://wts2.one/ajax.htm?action=lookupWPaccount...
CVE-2021-24167
CVE-2021-24167 affects WordPress Web-Stat plugins older than 1.4.1. The vulnerability stems from the wts_web_stat_load_init function, which causes the browser to request https://wts2.one/ajax.htm?action=lookup_WP_account. The request exposes the site’s wts_web_stat_uid via the pwpid parameter and...