10 matches found
CVE-2022-0206
The CVE-2022-0206 case documents a vulnerability in the WordPress plugin NewStatPress prior to version 1.3.6. The issue arises because the plugin does not properly escape the whatX parameters before outputting them in HTML attributes, which enables reflected cross-site scripting (XSS). The connec...
CVE-2015-4062
CVE-2015-4062 affects WordPress plugin NewStatPress 0.9.8. The vulnerability is an SQL injection in includes/nsp_search.php that allows a remote authenticated user to execute arbitrary SQL via the where1 parameter on the nsp_search page (wp-admin/admin.php). The issue is demonstrated in multiple ...
CVE-2015-4063
Summary (CVE-2015-4063): WordPress plugin NewStatPress (before 0.9.9) contains a cross-site scripting (XSS) flaw in includes/nsp_search.php. The vulnerability allows remote authenticated users to inject arbitrary script/HTML via the where1 parameter on the nsp_search page (to wp-admin/admin.php)....
CVE-2015-9312
CVE-2015-9312 affects the WordPress plugin NewStatPress prior to 1.0.5 (observed in templates and RedHat/NVD entries). The vulnerability is a cross-site scripting (XSS) flaw in includes/nsp_search.php where GET parameters are used unsafely, with outputs escaping issues that allow injected script....
CVE-2015-9313
CVE-2015-9313: The WordPress plugin newstatpress (before 1.0.5) is affected by an SQL injection through an IMG element. The root cause is unsafe SQL construction in the plugin’s search path (nsp_search.php), enabling an attacker to potentially disclose data (PoC shows exfiltration of user hashes)...
CVE-2015-9314
The CVE-2015-9314 entry concerns the WordPress plugin NewStatPress, affected versions prior to 1.0.4. The vulnerability is an XSS issue tied to the Referer header, impacting the plugin’s handling of HTTP Referer data. Several connected sources corroborate the same flaw (XSS related to Referer hea...
CVE-2015-9315
The CVE-2015-9315 entry concerns the WordPress plugin NewStatPress , affected versions before 1.0.1 . According to the sources, this plugin contains an SQL injection vulnerability, enabling an attacker to potentially read or modify data associated with the site via a vulnerable input path. The CV...
CVE-2015-9311
The CVE-2015-9311 entry concerns the WordPress plugin newstatpress prior to version 1.0.6, which is affected by a reflected XSS vulnerability. The issue is documented consistently across multiple sources (NVD, Red Hat advisory, CNVD, OpenVAS NASL entry) as an XSS in the plugin. Impact details in ...
CVE-2017-18575
CVE-2017-18575 affects the WordPress plugin NewStatPress prior to version 1.2.5. The issue is multiple stored XSS flaws in the plugin, where unsanitized user-supplied data can be stored and later reflected in pages, enabling injection of client-side scripts. Public exploitation details are not pr...
CVE-2017-20094
CVE-2017-20094 affects the WordPress plugin NewStatPress 1.2.4. The vulnerability is described as a basic persistent cross-site scripting (XSS) issue that can be exploited remotely. Upgrading to version 1.2.5 addresses the issue. Some connected sources also indicate that a PoC exists (Exploitatio...