4 matches found
Critical XSS Flaw Discovered in WP Statistics Impacting 600K Sites
Summary: A critical Cross-Site Scripting XSS vulnerability CVE-2024-2194 in WP Statistics plugin, allowing attackers to inject malicious code via the URL parameter. With over 600,000 installations, the flaw poses severe risks, enabling unauthorized script execution and potential data theft or sit...
CVE-2024-2194
CVE-2024-2194 : Stored XSS in WP Statistics for WordPress, affecting all versions up to 14.5 due to insufficient input sanitization and output escaping. Exploitation is unauthenticated and occurs via the URL search parameter. Red Hat confirms the issue; Wordfence notes the vulnerability has a pat...
CVE-2024-2194 WP Statistics <= 14.5 - Unauthenticated Stored Cross-Site Scripting
The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL search parameter in all versions up to, and including, 14.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
WordPress WP Statistics Plugin <= 14.5 is vulnerable to Cross Site Scripting (XSS)
Software WP Statistics Type Plugin Vulnerable versions = 14.5 Fixed in 14.5.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2194 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ef2615a6c0c9 Credits Tim Coen Required...