3 matches found
CVE-2022-25306 WP Statistics <= 13.1.5 Unauthenticated Stored Cross-Site Scripting via browser
The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the browser parameter found in the /includes/class-wp-statistics-visitor.php file which allows attackers to inject arbitrary web scripts onto several pages that execute when...
CVE-2022-25306 WP Statistics <= 13.1.5 Unauthenticated Stored Cross-Site Scripting via browser
The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the browser parameter found in the /includes/class-wp-statistics-visitor.php file which allows attackers to inject arbitrary web scripts onto several pages that execute when...
CVE-2022-25306
The CVE-2022-25306 entry concerns the WordPress WP Statistics plugin. Data from connected docs confirms a Cross-Site Scripting (XSS) vulnerability caused by insufficient escaping/sanitization of the browser parameter in ~/includes/class-wp-statistics-visitor.php, exploitable on pages that display...