Wordpress
July 4, 2020

WordPress Plugin WP Statistics: Unauthenticated Stored XSS Under Certain Configurations

Nick

The WordPress plugin WP Statistics, which has an active installation base of 500k users, has an unauthenticated stored XSS vulnerability on versions prior to 12.6.7.

This vulnerability can only be exploited under certain configurations—the default settings are not vulnerable.

Timeline 

  • 2019/06/26 – Initial contact to the developer.
  • 2019/06/27 – Response from the developer, disclosure of the vulnerability.
  • 2019/06/30 – Patch proposed for review.

Continue reading WordPress Plugin WP Statistics: Unauthenticated Stored XSS Under Certain Configurations at Sucuri Blog.

Share this:
Twitter icon Facebook icon LinkedIn icon Pinterest icon

More great articles

XSS Vulnerability in NextScripts: Social Networks Auto-Poster Plugin Impacts 100,000 Sites

Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security…

Read Story
Wordpress
October 28, 2021

Critical Vulnerability Remains Unpatched in Two Permanently Closed MiniOrange WordPress Plugins – $1,250 Bounty Awarded

🎉 Did you know we’re running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to…

Read Story
Wordpress
March 13, 2024

WordPress Vulnerability & Patch Roundup March 2024

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are…

Read Story
Wordpress
April 25, 2024

Emergency WordPress Help

One of our techs will get back to you within minutes.