CVE-2025-14609 Wise Analytics <= 1.1.9 - Missing Authorization to Unauthenticated Arbitrary Analytics Database Disclosure via 'name' Parameter

The Wise Analytics plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.1.9. This is due to missing capability checks on the REST API endpoint '/wise-analytics/v1/report'. This makes it possible for unauthenticated attackers to access sensitive...

CVE-2009-4956

Cross-site scripting XSS vulnerability in the Visitor Tracking wsstats extension before 0.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2009-4956

Cross-site scripting XSS vulnerability in the Visitor Tracking wsstats extension before 0.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Cross site scripting

Cross-site scripting XSS vulnerability in the Visitor Tracking wsstats extension before 0.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2009-4956

CVE-2009-4956 is an XSS vulnerability in TYPO3's Visitor Tracking (ws_stats) extension prior to 0.1.2. Reported vulnerability allows remote attackers to inject arbitrary script/HTML through unspecified vectors, potentially executing code in a victim’s browser without authentication. The issue aff...

CVE-2009-4956

Cross-site scripting XSS vulnerability in the Visitor Tracking wsstats extension before 0.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...