WordPress Plugin Vulnerabilities

NewStatPress <= 1.2.4 - Stored Cross-Site Scripting (XSS)

Description

The NewStatPress WordPress plugin was affected by a Stored Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
newstatpress
Fixed in 1.2.5

References

CVE
CVE-2017-18575
Exploitdb
41486
URL
https://sumofpwn.nl/advisory/2016/persistent_cross_site_scripting_in_the_wordpress_newstatpress_plugin.html
URL
https://seclists.org/fulldisclosure/2017/Feb/81

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Submitter
pvdl
Verified
No
WPVDB ID
4257477a-f33a-4e59-8c21-c1679f5f9f10

Timeline

Publicly Published
2017-03-01 (about 9 years ago)
Added
2017-03-02 (about 9 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2026-01-08
Title
Super Interactive Maps <= 2.3 - Reflected Cross-Site Scripting
Published
2025-08-07
Title
Multimedia Playlist Slider Addon for WPBakery Page Builder < 2.2 - Reflected Cross-Site Scripting
Published
2026-02-18
Title
Smartsupp – live chat, AI shopping assistant and chatbots < 3.9.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting
Published
2014-08-01
Title
GD Star Rating 1.9.7 - Cross-Site Scripting (XSS)
Published
2023-01-04
Title
RSS Aggregator by Feedzy < 4.1.1 - Contributor+ Stored XSS