Lucene search
+L
Newstatpress ProjectNewstatpress*

7 matches found

CVE
CVE
added 2022/02/14 9:21 a.m.133 views

CVE-2022-0206

The CVE-2022-0206 case documents a vulnerability in the WordPress plugin NewStatPress prior to version 1.3.6. The issue arises because the plugin does not properly escape the whatX parameters before outputting them in HTML attributes, which enables reflected cross-site scripting (XSS). The connec...

6.1CVSS6.1AI score0.01458EPSS
Web
CVE
CVE
added 2019/08/14 2:54 p.m.84 views

CVE-2015-9312

CVE-2015-9312 affects the WordPress plugin NewStatPress prior to 1.0.5 (observed in templates and RedHat/NVD entries). The vulnerability is a cross-site scripting (XSS) flaw in includes/nsp_search.php where GET parameters are used unsafely, with outputs escaping issues that allow injected script....

6.1CVSS6.2AI score0.01879EPSS
Web
CVE
CVE
added 2019/08/14 2:53 p.m.57 views

CVE-2015-9313

CVE-2015-9313: The WordPress plugin newstatpress (before 1.0.5) is affected by an SQL injection through an IMG element. The root cause is unsafe SQL construction in the plugin’s search path (nsp_search.php), enabling an attacker to potentially disclose data (PoC shows exfiltration of user hashes)...

9.8CVSS9.8AI score0.01815EPSS
Web
CVE
CVE
added 2019/08/14 2:52 p.m.55 views

CVE-2015-9314

The CVE-2015-9314 entry concerns the WordPress plugin NewStatPress, affected versions prior to 1.0.4. The vulnerability is an XSS issue tied to the Referer header, impacting the plugin’s handling of HTTP Referer data. Several connected sources corroborate the same flaw (XSS related to Referer hea...

6.1CVSS6AI score0.00923EPSS
CVE
CVE
added 2019/08/14 2:51 p.m.55 views

CVE-2015-9315

The CVE-2015-9315 entry concerns the WordPress plugin NewStatPress , affected versions before 1.0.1 . According to the sources, this plugin contains an SQL injection vulnerability, enabling an attacker to potentially read or modify data associated with the site via a vulnerable input path. The CV...

9.8CVSS9.9AI score0.01815EPSS
CVE
CVE
added 2019/08/14 2:54 p.m.54 views

CVE-2015-9311

The CVE-2015-9311 entry concerns the WordPress plugin newstatpress prior to version 1.0.6, which is affected by a reflected XSS vulnerability. The issue is documented consistently across multiple sources (NVD, Red Hat advisory, CNVD, OpenVAS NASL entry) as an XSS in the plugin. Impact details in ...

6.1CVSS6.3AI score0.00923EPSS
CVE
CVE
added 2019/08/22 12:59 p.m.52 views

CVE-2017-18575

CVE-2017-18575 affects the WordPress plugin NewStatPress prior to version 1.2.5. The issue is multiple stored XSS flaws in the plugin, where unsanitized user-supplied data can be stored and later reflected in pages, enabling injection of client-side scripts. Public exploitation details are not pr...

6.1CVSS6AI score0.00915EPSS