WordPress Plugin WP Statistics: Unauthenticated Stored XSS Under Certain Configurations

WordPress Plugin WP Statistics: Unauthenticated Stored XSS Under Certain Configurations

The WordPress plugin WP Statistics, which has an active installation base of 500k users, has an unauthenticated stored XSS vulnerability on versions prior to 12.6.7.

This vulnerability can only be exploited under certain configurations—the default settings are not vulnerable.

Timeline 

  • 2019/06/26 – Initial contact to the developer.
  • 2019/06/27 – Response from the developer, disclosure of the vulnerability.
  • 2019/06/30 – Patch proposed for review.

Continue reading WordPress Plugin WP Statistics: Unauthenticated Stored XSS Under Certain Configurations at Sucuri Blog.

Via Sucuri.net

Tags: