WordPress Plugin Vulnerabilities

WP Statistics <= 12.0.4 - Reflected Cross-Site Scripting (XSS)

Description

The WP Statistics WordPress plugin was affected by a Reflected Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
wp-statistics
Fixed in 12.0.5

References

CVE
CVE-2017-2136
URL
https://jvn.jp/en/jp/JVN17633442/index.html
URL
https://plugins.trac.wordpress.org/changeset/1629150/wp-statistics
URL
https://plugins.trac.wordpress.org/changeset/1627525/wp-statistics

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
d60afdce-b4d9-4faf-8db2-76a0a7f7a882

Timeline

Publicly Published
2017-04-10 (about 9 years ago)
Added
2017-04-10 (about 9 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2022-01-31
Title
WS Form < 1.8.176 - Admin+ Stored Cross-Site Scripting
Published
2022-08-01
Title
Social Slider Feed < 2.0.5 - Reflected Cross-Site Scripting
Published
2025-05-19
Title
MultiVendorX < 4.2.23 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2014-08-01
Title
DZS Video Gallery - deploy/preview_skin_overlay.swf logoLink Parameter Reflected XSS
Published
2026-01-09
Title
Delay Redirects <= 1.0.0 - Authenticated (Editor+) Stored Cross-Site Scripting