WordPress Plugin WP Statistics: Unauthenticated Stored XSS Under Certain Configurations

Nick

The WordPress plugin WP Statistics, which has 500k active installations, contains an unauthenticated stored XSS vulnerability in versions prior to 12.6.7.

This vulnerability can only be exploited under certain configurations—the default settings are not vulnerable.

Timeline

  • 2019/06/26 – Initial contact to the developer.
  • 2019/06/27 – Response from the developer, disclosure of the vulnerability.
  • 2019/06/30 – Patch proposed for review.

Continue reading WordPress Plugin WP Statistics: Unauthenticated Stored XSS Under Certain Configurations at Sucuri Blog.
