CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2019-12566 – WP Statistics <= 12.6.5 - Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-12566
31 May 2019 — The WP Statistics plugin through 12.6.5 for Wordpress has stored XSS in includes/class-wp-statistics-pages.php. This is related to an account with the Editor role creating a post with a title that contains JavaScript, to attack an admin user. El Plugin WP Statistics hasta la versión 12.6.5 para Wordpress tiene almacenado un problema de tipo Cross-Site Scripting (XSS) en el archivo includes/class-wp-statistics-pages.php. Lo anterior esta relacionado a una cuenta con el rol de editor que creando una publicaci... • https://github.com/wp-statistics/wp-statistics/commit/aec4359975344f75385ae1ec257575d8131d6ec2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-10864 – WP Statistics <= 12.6.3 - Referer Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-10864
09 Apr 2019 — The WP Statistics plugin through 12.6.2 for WordPress has XSS, allowing a remote attacker to inject arbitrary web script or HTML via the Referer header of a GET request. El plugin WP Statistics en la versión 12.6.2 para WordPress tiene una vulnerabilidad XSS, permitiendo a un atacante remoto inyectar scripts web arbitrarios o HTML a través del Referer de cabecera mediante una petición GET. • https://github.com/wp-statistics/wp-statistics/commit/5aec0a08680f0afea387267a8d1b9fbb3379247c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-1000556
https://notcve.org/view.php?id=CVE-2018-1000556
26 Jun 2018 — WordPress version 4.8 + contains a Cross Site Scripting (XSS) vulnerability in plugins.php or core wordpress on delete function that can result in An attacker can perform client side attacks which could be from stealing a cookie to code injection. This attack appear to be exploitable via an attacker must craft an URL with payload and send to the user. Victim need to open the link to be affected by reflected XSS. . WordPress en versiones 4.8 y posteriores contiene una vulnerabilidad Cross-Site Scripting (XSS... • https://www.pluginvulnerabilities.com/2017/04/28/reflected-cross-site-scripting-xss-vulnerability-in-wp-statistics • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18515 – WP Statistics <= 12.0.7 - Authenticated SQL Injection
https://notcve.org/view.php?id=CVE-2017-18515
30 Jun 2017 — The wp-statistics plugin before 12.0.8 for WordPress has SQL injection. El plugin wp-statistics versiones anteriores a 12.0.8 para WordPress, presenta una inyección SQL. • https://wordpress.org/plugins/wp-statistics/#developers • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •