Lucene search
+L

219 matches found

Cvelist
Cvelist
added 2017/04/28 4:0 p.m.20 views

CVE-2017-2147

Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

6.1AI score0.01278EPSS
Exploits0References3
CVE
CVE
added 2017/04/28 4:0 p.m.48 views

CVE-2017-2135

The WP Statistics WordPress plugin is affected by a reflected cross-site scripting vulnerability (CWE-79) reported for version 12.0.1 and earlier. Multiple connected advisories confirm XSS vectors that can execute script in a logged-in user’s browser, with exploit details not fully disclosed in a...

6.1CVSS6AI score0.01678EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2017/04/28 4:0 p.m.48 views

CVE-2017-2136

CVE-2017-2136 (WP Statistics) affects the WordPress WP Statistics plugin, version 12.0.4 and earlier. The root cause is a cross-site scripting flaw triggered by specially crafted HTTP Referer headers, allowing an attacker to inject arbitrary script or HTML in users’ browsers. Affected products an...

6.1CVSS6.1AI score0.02603EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2017/04/28 4:0 p.m.17 views

CVE-2017-2135

Cross-site scripting vulnerability in WP Statistics version 12.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

6.1AI score0.01678EPSS
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/04/13 12:0 a.m.44 views

JVN#62392065: WordPress plugin "WP Statistics" vulnerable to cross-site scripting

The WordPress plugin "WP Statistics" provided by WP Statistics contains a stored cross-site scripting vulnerability CWE-79 in multiple pages due to a flaw in processing HTTP Referer headers. Impact An arbitrary script may be executed on the web browser of a user accessing the page generated by th...

6.1CVSS6AI score0.02603EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/04/13 12:0 a.m.40 views

JVN#77253951: WordPress plugin "WP Statistics" vulnerable to cross-site scripting

The WordPress plugin "WP Statistics" provided by WP Statistics contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of a user accessing the page generated by the application. Solution Update the plugin Update the plugin accordi...

6.1CVSS6AI score0.01278EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/04/10 12:0 a.m.53 views

JVN#17633442: WordPress plugin "WP Statistics" vulnerable to cross-site scripting

The WordPress plugin "WP Statistics" provided by WP Statistics contains a reflected cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged in user's web browser. Solution Update the plugin Update the plugin according to the information provided by the...

6.1CVSS6AI score0.01678EPSS
Exploits0
WPVulnDB
WPVulnDB
added 2017/04/10 12:0 a.m.17 views

WP Statistics <= 12.0.4 - Reflected Cross-Site Scripting (XSS)

The WP Statistics WordPress plugin was affected by a Reflected Cross-Site Scripting XSS security vulnerability...

4.3CVSS1.5AI score0.02603EPSS
Exploits0References3Affected Software1
WPVulnDB
WPVulnDB
added 2015/08/10 12:0 a.m.12 views

WP Statistics <= 9.5.1 - Referer Cross-Site Scripting (XSS)

The WP Statistics WordPress plugin was affected by a Referer Cross-Site Scripting XSS security vulnerability...

1.6AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/07/09 12:0 a.m.9 views

WP Statistics <= 9.4 - Authenticated SQL Injection

The WP Statistics WordPress plugin was affected by an Authenticated SQL Injection security vulnerability...

2.7AI score
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2015/05/15 12:0 a.m.15 views

WordPress WP Statistics Plugin <= 8.3 - Stored & Reflected XSS

This plugin is prone to stored and reflected cross site scripting vulnerabilities. Solution Update the plugin...

1.9AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2015/05/15 12:0 a.m.10 views

WordPress WP Statistics Plugin <= 9.1.2 - Stored Cross Site Scripting

This plugin is prone to a cross site scripting vulnerability because "above" parameter is vulnerable to cross site scripting. A malicious administration can hijack other users session, take control of another administrator's browser or install malware on their computer. Solution Update the plugin...

2.2AI score
Exploits0References2Affected Software1
securityvulns
securityvulns
added 2015/05/11 12:0 a.m.50 views

Wordpress WP Statistics persistent cross site scripting

=========================================================== Stored XSS Vulnerability in WP Statistics Wordpress Plugin =========================================================== . contents:: Table Of Content Overview ======== Title :Stored XSS Vulnerability in WP Statistics Wordpress Plugin...

5.2AI score
Exploits0
Packet Storm
Packet Storm
added 2015/04/16 12:0 a.m.26 views

WordPress WP Statistics 9.1.2 Cross Site Scripting

=========================================================== Stored XSS Vulnerability in WP Statistics Wordpress Plugin =========================================================== . contents:: Table Of Content Overview ======== Title :Stored XSS Vulnerability in WP Statistics Wordpress Plugin...

7AI score
Exploits0
WPVulnDB
WPVulnDB
added 2015/04/15 12:0 a.m.9 views

WP Statistics <= 9.1.2 - Authenticated Stored Cross-Site Scripting (XSS)

The WP Statistics WordPress plugin was affected by an Authenticated Stored Cross-Site Scripting XSS security vulnerability...

1.5AI score
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2014/12/03 12:0 a.m.10 views

WP Statistics <= 8.4 - Unauthenticated Referer Header Stored XSS

On the "Statistics Visitors" screen the referer link is not filtered. Malicious JavaScript can be injected by an unauthenticated user. This simple cURL command with a custom referer header makes it possible: curl -H 'Referer: javascript:alertlocation.href;' 'http://wp.dev'...

1.3AI score
Exploits0References2Affected Software1
ThreatPost
ThreatPost
added 2014/11/21 9:52 a.m.10 views

WordPress 4.0.1 Cross-Site Scripting Vulnerability Patch

WordPress’s latest update, 4.0.1, patches a critical cross-site scripting vulnerability affecting comment boxes on websites running the content management system software. An attacker would need only to inject malicious JavaScript into a comment that would infect a reader viewing it on the webpag...

5.8AI score
Exploits0References3
WPVulnDB
WPVulnDB
added 2014/11/20 8:35 p.m.6 views

WP Statistics <= 8.3 - Stored & Reflected Cross-Site Scripting (XSS)

The WP Statistics WordPress plugin was affected by a Stored & Reflected Cross-Site Scripting XSS security vulnerability...

1.4AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2012/05/15 12:0 a.m.6 views

WP Statistics <= 2.2.4 - Cross-Site Scripting (XSS)

The WP Statistics WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...

1.4AI score
Exploits0References1Affected Software1
Rows per page
Query Builder