WP Statistics < 13.1.6 - Multiple Unauthenticated Stored Cross-Site Scripting

ID WPVDB-ID:FC822698-1F5A-4371-8C6E-2CA250C3C26D
Type wpvulndb
Reporter wpvulndb
Modified 2022-04-16T07:02:17


The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping and sanitization of the IP, browser and platform parameters handled in the ~/includes/class-wp-statistics-hits.php file. This allows unauthenticated attackers to inject arbitrary web scripts into several pages, where they execute when site administrators view a site's statistics.
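
The two controls the description finds missing, validation when a hit is stored and escaping when it is displayed, sketched for the three affected fields as an added example. This is not the plugin's code or its patch; the function names `normalize_hit` and `render_hit_row` are hypothetical and the sample input is constructed.

```php
<?php
// Added illustration; function names are hypothetical, not WP Statistics code.

/** Validate client-supplied hit fields before they are stored. */
function normalize_hit(array $raw): array
{
    // Accept only a syntactically valid IPv4/IPv6 address; anything else is discarded.
    $ip = filter_var($raw['ip'] ?? '', FILTER_VALIDATE_IP);

    // Browser and platform are short labels: letters, digits, space, dot, dash, underscore.
    $label = static function ($value): string {
        $value = is_string($value) ? trim($value) : '';
        return preg_match('/\A[A-Za-z0-9 ._-]{1,64}\z/', $value) ? $value : 'Unknown';
    };

    return [
        'ip'       => $ip === false ? '0.0.0.0' : $ip,
        'browser'  => $label($raw['browser'] ?? ''),
        'platform' => $label($raw['platform'] ?? ''),
    ];
}

/** Render one stored hit as a table row, escaping every field at output. */
function render_hit_row(array $hit): string
{
    $cells = '';
    foreach (['ip', 'browser', 'platform'] as $field) {
        $value = is_scalar($hit[$field] ?? null) ? (string) $hit[$field] : '';
        $cells .= '<td>' . htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</td>';
    }
    return '<tr>' . $cells . '</tr>';
}

// Constructed sample input: markup in fields that should hold an address and two labels.
$raw = ['ip' => '203.0.113.7<b>', 'browser' => '<img src=x>', 'platform' => 'Linux'];

// Validated at ingestion, then escaped at output.
echo render_hit_row(normalize_hit($raw)), PHP_EOL;

// A row stored before validation existed still renders as inert text.
echo render_hit_row($raw), PHP_EOL;
```

Escaping at output is what protects administrators from rows already in the database; validation at ingestion only keeps new bad rows out.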