Lucene search
K

7 matches found

NVD
NVD
added 2026/04/17 2:16 a.m.12 views

CVE-2026-5231

The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'utmsource' parameter in all versions up to, and including, 14.16.4. This is due to insufficient input sanitization and output escaping. The plugin's referral parser copies the raw utmsource value into the...

7.2CVSS0.00476EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/17 1:24 a.m.11 views

CVE-2026-5231

The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'utmsource' parameter in all versions up to, and including, 14.16.4. This is due to insufficient input sanitization and output escaping. The plugin's referral parser copies the raw utmsource value into the...

7.2CVSS5.9AI score0.00476EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/04/17 1:24 a.m.9 views

CVE-2026-5231 WP Statistics <= 14.16.4 - Unauthenticated Stored Cross-Site Scripting via 'utm_source' Parameter

The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'utmsource' parameter in all versions up to, and including, 14.16.4. This is due to insufficient input sanitization and output escaping. The plugin's referral parser copies the raw utmsource value into the...

7.2CVSS5.9AI score0.00476EPSS
Exploits0References6
VulnCheck KEV
VulnCheck KEV
added 2026/04/17 12:0 a.m.13 views

VulnCheck KEV: CVE-2026-5231

The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'utmsource' parameter in all versions up to, and including, 14.16.4. This is due to insufficient input sanitization and output escaping. The plugin's referral parser copies the raw utmsource value into the...

7.2CVSS5.9AI score0.00476EPSS
In wildExploits0References2
CNNVD
CNNVD
added 2026/04/17 12:0 a.m.10 views

WordPress plugin WP Statistics 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.2CVSS5.6AI score0.00476EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/10 6:0 a.m.2 views

CVE-2025-13072 HandL UTM Grabber / Tracker < 2.8.1 - Reflected XSS via utm_source

The HandL UTM Grabber / Tracker WordPress plugin before 2.8.1 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

5.7AI score0.00147EPSS
Exploits0References1
Hacker One
Hacker One
added 2016/05/24 2:11 a.m.45 views

Starbucks: www.starbucks.co.uk Reflected XSS via utm_source parameter

https://www.starbucks.co.uk/shop/card/egift?utmcampaign=egift&utmcontent=WinterFY16&utmmedium=GPH&utmsource=SBUXcouk"%3e%3cb%20onbeforescriptexecute=promptdocument.domain%3e Payload: "%3e%3cb%20onbeforescriptexecute=promptdocument.domain%3e...

2.1AI score
Exploits0
Rows per page
Query Builder