Lucene search
+L
Newstatpress ProjectNewstatpress

10 matches found

CVE
CVE
added 2022/02/14 9:21 a.m.134 views

CVE-2022-0206

The CVE-2022-0206 case documents a vulnerability in the WordPress plugin NewStatPress prior to version 1.3.6. The issue arises because the plugin does not properly escape the whatX parameters before outputting them in HTML attributes, which enables reflected cross-site scripting (XSS). The connec...

6.1CVSS6.1AI score0.01458EPSS
Web
CVE
CVE
added 2015/05/27 6:0 p.m.95 views

CVE-2015-4062

CVE-2015-4062 affects WordPress plugin NewStatPress 0.9.8. The vulnerability is an SQL injection in includes/nsp_search.php that allows a remote authenticated user to execute arbitrary SQL via the where1 parameter on the nsp_search page (wp-admin/admin.php). The issue is demonstrated in multiple ...

6.5CVSS8.1AI score0.09183EPSS
Web
CVE
CVE
added 2015/05/27 6:0 p.m.89 views

CVE-2015-4063

Summary (CVE-2015-4063): WordPress plugin NewStatPress (before 0.9.9) contains a cross-site scripting (XSS) flaw in includes/nsp_search.php. The vulnerability allows remote authenticated users to inject arbitrary script/HTML via the where1 parameter on the nsp_search page (to wp-admin/admin.php)....

3.5CVSS5.4AI score0.06188EPSS
Web
CVE
CVE
added 2019/08/14 2:54 p.m.86 views

CVE-2015-9312

CVE-2015-9312 affects the WordPress plugin NewStatPress prior to 1.0.5 (observed in templates and RedHat/NVD entries). The vulnerability is a cross-site scripting (XSS) flaw in includes/nsp_search.php where GET parameters are used unsafely, with outputs escaping issues that allow injected script....

6.1CVSS6.2AI score0.01879EPSS
Web
CVE
CVE
added 2019/08/14 2:53 p.m.57 views

CVE-2015-9313

CVE-2015-9313: The WordPress plugin newstatpress (before 1.0.5) is affected by an SQL injection through an IMG element. The root cause is unsafe SQL construction in the plugin’s search path (nsp_search.php), enabling an attacker to potentially disclose data (PoC shows exfiltration of user hashes)...

9.8CVSS9.8AI score0.01815EPSS
Web
CVE
CVE
added 2019/08/14 2:52 p.m.55 views

CVE-2015-9314

The CVE-2015-9314 entry concerns the WordPress plugin NewStatPress, affected versions prior to 1.0.4. The vulnerability is an XSS issue tied to the Referer header, impacting the plugin’s handling of HTTP Referer data. Several connected sources corroborate the same flaw (XSS related to Referer hea...

6.1CVSS6AI score0.00923EPSS
CVE
CVE
added 2019/08/14 2:51 p.m.55 views

CVE-2015-9315

The CVE-2015-9315 entry concerns the WordPress plugin NewStatPress , affected versions before 1.0.1 . According to the sources, this plugin contains an SQL injection vulnerability, enabling an attacker to potentially read or modify data associated with the site via a vulnerable input path. The CV...

9.8CVSS9.9AI score0.01815EPSS
CVE
CVE
added 2019/08/14 2:54 p.m.54 views

CVE-2015-9311

The CVE-2015-9311 entry concerns the WordPress plugin newstatpress prior to version 1.0.6, which is affected by a reflected XSS vulnerability. The issue is documented consistently across multiple sources (NVD, Red Hat advisory, CNVD, OpenVAS NASL entry) as an XSS in the plugin. Impact details in ...

6.1CVSS6.3AI score0.00923EPSS
CVE
CVE
added 2019/08/22 12:59 p.m.52 views

CVE-2017-18575

CVE-2017-18575 affects the WordPress plugin NewStatPress prior to version 1.2.5. The issue is multiple stored XSS flaws in the plugin, where unsanitized user-supplied data can be stored and later reflected in pages, enabling injection of client-side scripts. Public exploitation details are not pr...

6.1CVSS6AI score0.00915EPSS
CVE
CVE
added 2022/06/24 6:45 a.m.46 views

CVE-2017-20094

CVE-2017-20094 affects the WordPress plugin NewStatPress 1.2.4. The vulnerability is described as a basic persistent cross-site scripting (XSS) issue that can be exploited remotely. Upgrading to version 1.2.5 addresses the issue. Some connected sources also indicate that a PoC exists (Exploitatio...

5.4CVSS4.5AI score0.00564EPSS