Lucene search
K

3 matches found

Vulnrichment
Vulnrichment
added 2025/06/06 6:42 a.m.7 views

CVE-2025-4966 WP Online Users Stats <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via hk_dataset_results Function

The WP Online Users Stats plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation within the hkdatasetresults function. This makes it possible for unauthenticated attackers to inject malicious web script...

6.1CVSS6.6AI score0.0014EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/06/06 6:42 a.m.16 views

CVE-2025-4966 WP Online Users Stats <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via hk_dataset_results Function

The WP Online Users Stats plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation within the hkdatasetresults function. This makes it possible for unauthenticated attackers to inject malicious web script...

6.1CVSS0.0014EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/06/05 8:14 p.m.11 views

WordPress WP Online Users Stats plugin <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via hk_dataset_results Function vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting via hkdatasetresults Function vulnerability discovered by rajanhoyr in WordPress Plugin WP Online Users Stats versions = 1.0.0...

6.1CVSS5.7AI score0.0014EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder