CVE-2019-10864

The WP Statistics plugin through 12.6.2 for WordPress has XSS, allowing a remote attacker to inject arbitrary web script or HTML via the Referer header of a GET request.
Configurations

Configuration 1 (hide)

cpe:2.3:a:veronalabs:wp_statistics:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 04:19

Type Values Removed Values Added
References () https://github.com/wp-statistics/wp-statistics/commit/5aec0a08680f0afea387267a8d1b9fbb3379247c - Patch, Third Party Advisory () https://github.com/wp-statistics/wp-statistics/commit/5aec0a08680f0afea387267a8d1b9fbb3379247c - Patch, Third Party Advisory
References () https://medium.com/%40aramburu/cve-2019-10864-wordpress-7aebc24751c4 - () https://medium.com/%40aramburu/cve-2019-10864-wordpress-7aebc24751c4 -

Information

Published : 2019-04-23 18:29

Updated : 2024-11-21 04:19


NVD link : CVE-2019-10864

Mitre link : CVE-2019-10864

CVE.ORG link : CVE-2019-10864


JSON object : View

Products Affected

veronalabs

  • wp_statistics
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')