WordPress Plugin Vulnerabilities

WP Statistics <= 8.4 - Unauthenticated Referer Header Stored XSS

Description

On the "Statistics > Visitors" screen the referer link is not filtered. Malicious JavaScript can be injected by an unauthenticated user. This simple cURL command with a custom referer header makes it possible: curl -H 'Referer: javascript:alert(location.href);' 'http://wp.dev'

Affects Plugins

Plugin icon
wp-statistics
Fixed in 8.5

References

URL
https://pastebin.com/Vsik5R1r

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Submitter
SecuBeastTeam
Verified
No
WPVDB ID
628a59c5-937f-4cd9-8415-b27b13c08a9d

Timeline

Publicly Published
2014-12-03 (about 11 years ago)
Added
2014-12-03 (about 11 years ago)
Last Updated
2021-01-19 (about 5 years ago)

Other

Published
Title
Published
2024-10-17
Title
Elemenda <= 0.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
Published
2019-09-16
Title
InJob < 3.3.8 - Reflected & Persistent XSS
Published
2026-01-20
Title
TableOn < 1.0.4.3 - Reflected Cross-Site Scripting
Published
2024-04-23
Title
Premium Addons for Elementor < 4.10.29 - Contributor+ Stored Cross-Site Scripting
Published
2023-11-14
Title
Slider Revolution < 6.6.15 - Authenticated (Contributor+) Stored Cross-Site Scripting