CVE-2022-27231

Cross-site scripting vulnerability exists in WP Statistics versions prior to 13.2.0 because it improperly processes a platform parameter. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the website using the product.
References
Link Resource
https://jvn.jp/en/jp/JVN15241647/index.html Release Notes Third Party Advisory
https://wordpress.org/plugins/wp-statistics/ Product Third Party Advisory
https://wordpress.org/plugins/wp-statistics/#developers Release Notes Third Party Advisory
https://jvn.jp/en/jp/JVN15241647/index.html Release Notes Third Party Advisory
https://wordpress.org/plugins/wp-statistics/ Product Third Party Advisory
https://wordpress.org/plugins/wp-statistics/#developers Release Notes Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:veronalabs:wp_statistics:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 06:55

Type Values Removed Values Added
References () https://jvn.jp/en/jp/JVN15241647/index.html - Release Notes, Third Party Advisory () https://jvn.jp/en/jp/JVN15241647/index.html - Release Notes, Third Party Advisory
References () https://wordpress.org/plugins/wp-statistics/ - Product, Third Party Advisory () https://wordpress.org/plugins/wp-statistics/ - Product, Third Party Advisory
References () https://wordpress.org/plugins/wp-statistics/#developers - Release Notes, Third Party Advisory () https://wordpress.org/plugins/wp-statistics/#developers - Release Notes, Third Party Advisory

17 Jun 2022, 18:51

Type Values Removed Values Added
CWE CWE-79
CPE cpe:2.3:a:veronalabs:wp_statistics:*:*:*:*:*:wordpress:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 4.3
v3 : 6.1
References (MISC) https://wordpress.org/plugins/wp-statistics/ - (MISC) https://wordpress.org/plugins/wp-statistics/ - Product, Third Party Advisory
References (MISC) https://wordpress.org/plugins/wp-statistics/#developers - (MISC) https://wordpress.org/plugins/wp-statistics/#developers - Release Notes, Third Party Advisory
References (MISC) https://jvn.jp/en/jp/JVN15241647/index.html - (MISC) https://jvn.jp/en/jp/JVN15241647/index.html - Release Notes, Third Party Advisory

13 Jun 2022, 05:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-06-13 05:15

Updated : 2024-11-21 06:55


NVD link : CVE-2022-27231

Mitre link : CVE-2022-27231

CVE.ORG link : CVE-2022-27231


JSON object : View

Products Affected

veronalabs

  • wp_statistics
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')