CVE-2015-10001
The CVE-2015-10001 entry concerns the WP-Stats WordPress plugin (pre-2.52). The underlying issue is the absence of CSRF checks when saving settings and incomplete escaping of output, enabling an authenticated, high-privilege user to modify settings and inject Cross-Site Scripting payloads. Affect...