7 matches found
CVE-2022-0206
The CVE-2022-0206 case documents a vulnerability in the WordPress plugin NewStatPress prior to version 1.3.6. The issue arises because the plugin does not properly escape the whatX parameters before outputting them in HTML attributes, which enables reflected cross-site scripting (XSS). The connec...
CVE-2015-9312
CVE-2015-9312 affects the WordPress plugin NewStatPress prior to 1.0.5 (observed in templates and RedHat/NVD entries). The vulnerability is a cross-site scripting (XSS) flaw in includes/nsp_search.php where GET parameters are used unsafely, with outputs escaping issues that allow injected script....
CVE-2015-9313
CVE-2015-9313: The WordPress plugin newstatpress (before 1.0.5) is affected by an SQL injection through an IMG element. The root cause is unsafe SQL construction in the plugin’s search path (nsp_search.php), enabling an attacker to potentially disclose data (PoC shows exfiltration of user hashes)...
CVE-2015-9314
The CVE-2015-9314 entry concerns the WordPress plugin NewStatPress, affected versions prior to 1.0.4. The vulnerability is an XSS issue tied to the Referer header, impacting the plugin’s handling of HTTP Referer data. Several connected sources corroborate the same flaw (XSS related to Referer hea...
CVE-2015-9315
The CVE-2015-9315 entry concerns the WordPress plugin NewStatPress , affected versions before 1.0.1 . According to the sources, this plugin contains an SQL injection vulnerability, enabling an attacker to potentially read or modify data associated with the site via a vulnerable input path. The CV...
CVE-2015-9311
The CVE-2015-9311 entry concerns the WordPress plugin newstatpress prior to version 1.0.6, which is affected by a reflected XSS vulnerability. The issue is documented consistently across multiple sources (NVD, Red Hat advisory, CNVD, OpenVAS NASL entry) as an XSS in the plugin. Impact details in ...
CVE-2017-18575
CVE-2017-18575 affects the WordPress plugin NewStatPress prior to version 1.2.5. The issue is multiple stored XSS flaws in the plugin, where unsanitized user-supplied data can be stored and later reflected in pages, enabling injection of client-side scripts. Public exploitation details are not pr...