Lucene search
K

4 matches found

hivepro
hivepro
added 2024/03/18 8:11 a.m.32 views

Critical XSS Flaw Discovered in WP Statistics Impacting 600K Sites

Summary: A critical Cross-Site Scripting XSS vulnerability CVE-2024-2194 in WP Statistics plugin, allowing attackers to inject malicious code via the URL parameter. With over 600,000 installations, the flaw poses severe risks, enabling unauthorized script execution and potential data theft or sit...

6.4CVSS6AI score0.67723EPSS
Exploits1
CVE
CVE
added 2024/03/13 3:27 p.m.78 views

CVE-2024-2194

CVE-2024-2194 : Stored XSS in WP Statistics for WordPress, affecting all versions up to 14.5 due to insufficient input sanitization and output escaping. Exploitation is unauthenticated and occurs via the URL search parameter. Red Hat confirms the issue; Wordfence notes the vulnerability has a pat...

7.2CVSS6.3AI score0.67723EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/03/13 3:27 p.m.101 views

CVE-2024-2194 WP Statistics <= 14.5 - Unauthenticated Stored Cross-Site Scripting

The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL search parameter in all versions up to, and including, 14.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

7.2CVSS6.4AI score0.67723EPSS
Exploits1References2
Patchstack
Patchstack
added 2024/03/12 12:0 a.m.11 views

WordPress WP Statistics Plugin <= 14.5 is vulnerable to Cross Site Scripting (XSS)

Software WP Statistics Type Plugin Vulnerable versions = 14.5 Fixed in 14.5.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2194 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ef2615a6c0c9 Credits Tim Coen Required...

7.2CVSS5.9AI score0.67723EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder