The WP Statistics plugin through 12.6.2 for WordPress has XSS, allowing a remote attacker to inject arbitrary web script or HTML via the Referer header of a GET request.
References
Configurations
History
21 Nov 2024, 04:19
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/wp-statistics/wp-statistics/commit/5aec0a08680f0afea387267a8d1b9fbb3379247c - Patch, Third Party Advisory | |
References | () https://medium.com/%40aramburu/cve-2019-10864-wordpress-7aebc24751c4 - |
Information
Published : 2019-04-23 18:29
Updated : 2024-11-21 04:19
NVD link : CVE-2019-10864
Mitre link : CVE-2019-10864
CVE.ORG link : CVE-2019-10864
JSON object : View
Products Affected
veronalabs
- wp_statistics
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')