4 matches found
EUVD-2025-202958
The NewStatPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a regex bypass in nspshortcode function in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...
CVE-2025-13747
The NewStatPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a regex bypass in nspshortcode function in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...
CVE-2025-13747
CVE-2025-13747 : The NewStatPress WordPress plugin is vulnerable to Stored Cross-Site Scripting via a regex bypass in the nsp_shortcode function in all versions up to 1.4.3. Exploitation requires authentication at contributor level or higher and can inject scripts executed by users on injected pa...
PT-2025-50821
The NewStatPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a regex bypass in nsp shortcode function in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...