WP Statistics <= 8.4 - Unauthenticated Referer Header Stored XSS
Description
On the “Statistics > Visitors” screen the stored referer is rendered as a link without being filtered or escaped, so an unauthenticated visitor can inject JavaScript that executes when an administrator views that screen. A single cURL request with a crafted Referer header is enough to demonstrate it: curl -H 'Referer: javascript:alert(location.href);' 'http://wp.dev'
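The following is an added illustration, not code from the WP Statistics plugin or from the entry's submitter, of the rendering pattern the description implies and of the escaping that removes the issue. It assumes a hypothetical $visitor object whose referred property holds the raw HTTP Referer header exactly as it was stored; the function names are placeholders, while esc_url(), esc_html() and wp_allowed_protocols() are the real WordPress core APIs.

```php
<?php
// Added example (not the plugin's own code). Assumes a hypothetical $visitor
// object with a ->referred property holding the raw stored Referer header.

// Vulnerable pattern: the stored header is echoed straight into an href and
// into the link text. A header value such as "javascript:alert(1)" becomes a
// clickable script URL on the admin screen (stored XSS, CWE-79), and any
// "<script>" in the value lands in the page unencoded.
function wpstat_example_render_referer_unsafe( $visitor ) {
    return '<a href="' . $visitor->referred . '">' . $visitor->referred . '</a>';
}

// Hardened pattern: esc_url() only passes through schemes listed by
// wp_allowed_protocols() (http, https, mailto, ...), so a "javascript:" value
// collapses to an empty string, and esc_html() neutralises markup in the
// visible text. The raw value is never emitted as HTML in either branch.
function wpstat_example_render_referer_safe( $visitor ) {
    $href = esc_url( $visitor->referred );
    if ( '' === $href ) {
        // No safe scheme to link to: show the value as inert text only.
        return esc_html( $visitor->referred );
    }
    return '<a href="' . $href . '" rel="noopener noreferrer">'
        . esc_html( $visitor->referred ) . '</a>';
}
```

Escaping at output time is the fix that matters for an admin screen, because the stored value is attacker-controlled by definition; validating with esc_url_raw() when the visit is recorded additionally keeps unusable values out of the database, but does not replace output escaping.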

Affects Plugin

Fixed in version 8.5

References

URL https://pastebin.com/Vsik5R1r
URL https://wordpress.org/plugins/wp-statistics/changelog/

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Submitter SecuBeastTeam
Views 4154
Verified No
WPVDB ID 7702

Timeline

Publicly Published 2014-12-03 (over 5 years ago)
Added 2014-12-03 (over 5 years ago)
Last Updated 2019-11-25 (7 months ago)