WP Statistics < 13.1.6 - Multiple Unauthenticated Stored Cross-Site Scripting

2022-02-17T00:00:00
ID WPVDB-ID:FC822698-1F5A-4371-8C6E-2CA250C3C26D
Type wpvulndb
Reporter wpvulndb
Modified 2022-04-16T07:02:17

Description

The plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the IP, browser and platform parameters found in the ~/includes/class-wp-statistics-hits.php file, which allows attackers to inject arbitrary web scripts onto several pages that execute when site administrators view a site's statistics.