WordPress Plugin Vulnerabilities

WP Statistics <= 12.0.9 - Authenticated Cross-Site Scripting (XSS)

Description

The WP Statistics WordPress plugin was affected by an Authenticated Cross-Site Scripting (XSS) security vulnerability.

Proof of Concept

Affects Plugins

Plugin icon
wp-statistics
Fixed in 12.0.10

References

CVE
CVE-2017-10991
URL
https://lorexxar.cn/2017/07/07/WordPress%20WP%20Statistics%20authenticated%20xss%20Vulnerability(WP%20Statistics%20-=12.0.9)/
URL
https://plugins.trac.wordpress.org/changeset/1701803/wp-statistics

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
Yes
WPVDB ID
25e52b9f-cf00-4e73-b04a-03f6e3de6dbb

Timeline

Publicly Published
2017-07-07 (about 8 years ago)
Added
2017-07-19 (about 8 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-01-10
Title
WP Email Newsletter <= 1.1 - Reflected XSS
Published
2024-04-05
Title
Testimonials < 3.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-02-21
Title
Better Customer List for WooCommerce <= 1.2.3 - Reflected Cross-Site Scripting
Published
2024-07-05
Title
WS Contact Form < 1.3.8 - Admin+ Stored XSS
Published
2024-06-05
Title
Frontend Checklist <= 2.3.2 - Admin+ Stored XSS