Cross-site scripting vulnerability exists in WP Statistics versions prior to 13.2.0 because it improperly processes a platform parameter. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the website using the product.
References
Link | Resource |
---|---|
https://jvn.jp/en/jp/JVN15241647/index.html | Release Notes Third Party Advisory |
https://wordpress.org/plugins/wp-statistics/ | Product Third Party Advisory |
https://wordpress.org/plugins/wp-statistics/#developers | Release Notes Third Party Advisory |
https://jvn.jp/en/jp/JVN15241647/index.html | Release Notes Third Party Advisory |
https://wordpress.org/plugins/wp-statistics/ | Product Third Party Advisory |
https://wordpress.org/plugins/wp-statistics/#developers | Release Notes Third Party Advisory |
Configurations
History
21 Nov 2024, 06:55
Type | Values Removed | Values Added |
---|---|---|
References | () https://jvn.jp/en/jp/JVN15241647/index.html - Release Notes, Third Party Advisory | |
References | () https://wordpress.org/plugins/wp-statistics/ - Product, Third Party Advisory | |
References | () https://wordpress.org/plugins/wp-statistics/#developers - Release Notes, Third Party Advisory |
17 Jun 2022, 18:51
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-79 | |
CPE | cpe:2.3:a:veronalabs:wp_statistics:*:*:*:*:*:wordpress:*:* | |
CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 6.1 |
References | (MISC) https://wordpress.org/plugins/wp-statistics/ - Product, Third Party Advisory | |
References | (MISC) https://wordpress.org/plugins/wp-statistics/#developers - Release Notes, Third Party Advisory | |
References | (MISC) https://jvn.jp/en/jp/JVN15241647/index.html - Release Notes, Third Party Advisory |
13 Jun 2022, 05:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-06-13 05:15
Updated : 2024-11-21 06:55
NVD link : CVE-2022-27231
Mitre link : CVE-2022-27231
CVE.ORG link : CVE-2022-27231
JSON object : View
Products Affected
veronalabs
- wp_statistics
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')