219 matches found
CVE-2017-2147
Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2017-2135
The WP Statistics WordPress plugin is affected by a reflected cross-site scripting vulnerability (CWE-79) reported for version 12.0.1 and earlier. Multiple connected advisories confirm XSS vectors that can execute script in a logged-in user’s browser, with exploit details not fully disclosed in a...
CVE-2017-2136
CVE-2017-2136 (WP Statistics) affects the WordPress WP Statistics plugin, version 12.0.4 and earlier. The root cause is a cross-site scripting flaw triggered by specially crafted HTTP Referer headers, allowing an attacker to inject arbitrary script or HTML in users’ browsers. Affected products an...
CVE-2017-2135
Cross-site scripting vulnerability in WP Statistics version 12.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
JVN#62392065: WordPress plugin "WP Statistics" vulnerable to cross-site scripting
The WordPress plugin "WP Statistics" provided by WP Statistics contains a stored cross-site scripting vulnerability CWE-79 in multiple pages due to a flaw in processing HTTP Referer headers. Impact An arbitrary script may be executed on the web browser of a user accessing the page generated by th...
JVN#77253951: WordPress plugin "WP Statistics" vulnerable to cross-site scripting
The WordPress plugin "WP Statistics" provided by WP Statistics contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of a user accessing the page generated by the application. Solution Update the plugin Update the plugin accordi...
JVN#17633442: WordPress plugin "WP Statistics" vulnerable to cross-site scripting
The WordPress plugin "WP Statistics" provided by WP Statistics contains a reflected cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged in user's web browser. Solution Update the plugin Update the plugin according to the information provided by the...
WP Statistics <= 12.0.4 - Reflected Cross-Site Scripting (XSS)
The WP Statistics WordPress plugin was affected by a Reflected Cross-Site Scripting XSS security vulnerability...
WP Statistics <= 9.5.1 - Referer Cross-Site Scripting (XSS)
The WP Statistics WordPress plugin was affected by a Referer Cross-Site Scripting XSS security vulnerability...
WP Statistics <= 9.4 - Authenticated SQL Injection
The WP Statistics WordPress plugin was affected by an Authenticated SQL Injection security vulnerability...
WordPress WP Statistics Plugin <= 8.3 - Stored & Reflected XSS
This plugin is prone to stored and reflected cross site scripting vulnerabilities. Solution Update the plugin...
WordPress WP Statistics Plugin <= 9.1.2 - Stored Cross Site Scripting
This plugin is prone to a cross site scripting vulnerability because "above" parameter is vulnerable to cross site scripting. A malicious administration can hijack other users session, take control of another administrator's browser or install malware on their computer. Solution Update the plugin...
Wordpress WP Statistics persistent cross site scripting
=========================================================== Stored XSS Vulnerability in WP Statistics Wordpress Plugin =========================================================== . contents:: Table Of Content Overview ======== Title :Stored XSS Vulnerability in WP Statistics Wordpress Plugin...
WordPress WP Statistics 9.1.2 Cross Site Scripting
=========================================================== Stored XSS Vulnerability in WP Statistics Wordpress Plugin =========================================================== . contents:: Table Of Content Overview ======== Title :Stored XSS Vulnerability in WP Statistics Wordpress Plugin...
WP Statistics <= 9.1.2 - Authenticated Stored Cross-Site Scripting (XSS)
The WP Statistics WordPress plugin was affected by an Authenticated Stored Cross-Site Scripting XSS security vulnerability...
WP Statistics <= 8.4 - Unauthenticated Referer Header Stored XSS
On the "Statistics Visitors" screen the referer link is not filtered. Malicious JavaScript can be injected by an unauthenticated user. This simple cURL command with a custom referer header makes it possible: curl -H 'Referer: javascript:alertlocation.href;' 'http://wp.dev'...
WordPress 4.0.1 Cross-Site Scripting Vulnerability Patch
WordPress’s latest update, 4.0.1, patches a critical cross-site scripting vulnerability affecting comment boxes on websites running the content management system software. An attacker would need only to inject malicious JavaScript into a comment that would infect a reader viewing it on the webpag...
WP Statistics <= 8.3 - Stored & Reflected Cross-Site Scripting (XSS)
The WP Statistics WordPress plugin was affected by a Stored & Reflected Cross-Site Scripting XSS security vulnerability...
WP Statistics <= 2.2.4 - Cross-Site Scripting (XSS)
The WP Statistics WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...