WP Statistics <= 8.4 - Unauthenticated Referer Header Stored XSS


Description
On the “Statistics > Visitors” screen the plugin renders each recorded visitor's Referer value as a link without filtering it. The Referer header is fully attacker-controlled and is logged for unauthenticated visitors, so an attacker can store a javascript: URL that runs in the browser of any logged-in user who clicks that link on the screen. A single cURL request with a custom Referer header is enough to plant the payload:

curl -H 'Referer: javascript:alert(location.href);' 'http://wp.dev'
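The fix for this class of bug is to treat the stored Referer as untrusted at output time: accept only absolute http(s) URLs for the href and HTML-escape the value in the attribute (in WordPress terms, esc_url() followed by esc_attr()). The Python below is an added illustration, not code from WP Statistics or from the WPScan page; the sample referer values are constructed, and the function names are the author's own. It places the vulnerable rendering pattern beside a hardened one and runs both over payloads of the kind described above, including scheme-casing and tab-splitting variants that a naive string match would miss.

```python
import html
import re
from urllib.parse import urlsplit

# Constructed sample of Referer header values as a stats plugin might store them.
STORED_REFERERS = [
    "http://example.com/page?x=1&y=2",     # benign
    "javascript:alert(location.href);",    # the payload from the advisory
    "JaVaScRiPt:alert(1)",                 # scheme case variant
    "java\tscript:alert(1)",               # browsers drop tab/newline inside a URL
    '"><script>alert(1)</script>',         # attribute break-out instead of javascript:
    "data:text/html,<script>alert(1)</script>",
    "//evil.example/x",                    # protocol-relative, no scheme
    "",
]

ALLOWED_SCHEMES = {"http", "https"}
_TAB_NL = re.compile(r"[\t\r\n]")          # removed anywhere, as the URL spec does
_EDGE_CTRL = "".join(chr(c) for c in range(0x21)) + "\x7f"  # stripped at the edges


def render_referer_link_vulnerable(referer: str) -> str:
    """The unsafe pattern: the stored header value is dropped straight into href."""
    return '<a href="' + referer + '">' + referer + '</a>'


def sanitize_referer(referer: str) -> str:
    """Return the referer if it is an absolute http(s) URL, otherwise ''.

    Mirrors what esc_url() does in WordPress (assumption: a scheme allowlist,
    not a denylist of bad schemes), so javascript:, data: and schemeless
    values are all rejected rather than enumerated.
    """
    cleaned = _TAB_NL.sub("", referer).strip(_EDGE_CTRL)
    try:
        parts = urlsplit(cleaned)          # lower-cases the scheme for us
    except ValueError:                     # e.g. malformed IPv6 host
        return ""
    if parts.scheme not in ALLOWED_SCHEMES or not parts.netloc:
        return ""
    return cleaned


def render_referer_link_safe(referer: str) -> str:
    """Hardened pattern: allowlisted URL, then escaped for the attribute context."""
    safe = sanitize_referer(referer)
    if not safe:
        return "<span>(no referer)</span>"
    esc = html.escape(safe, quote=True)    # the esc_attr() step
    return '<a href="' + esc + '" rel="noopener noreferrer">' + esc + '</a>'


def audit(referers):
    """Pair each stored value with both renderings so the difference is visible."""
    return [(r, render_referer_link_vulnerable(r), render_referer_link_safe(r)) for r in referers]


if __name__ == "__main__":
    for referer, bad, good in audit(STORED_REFERERS):
        print(repr(referer))
        print("  vulnerable:", bad)
        print("  hardened:  ", good)
```

Only the first sample survives the allowlist; every other value is replaced by a neutral placeholder rather than being "cleaned" in place, which avoids the filter-evasion games that a denylist of javascript: spellings invites. The same check should be applied on output even if the plugin also filters on storage, since values recorded before a fix are already in the database.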

Affects

Plugin wp-statistics
fixed in version 8.5

References

URL http://pastebin.com/raw.php?i=Vsik5R1r
URL https://wordpress.org/plugins/wp-statistics/changelog/

Classification

Type XSS
OWASP Top 10 A3: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Submitter SecuBeastTeam
Verified No
WPVDB ID 7702

Timeline

Added 2014-12-03
Last Updated 2015-05-15

Copyright & License

Copyright All data and resources contained within this page and this web site is Copyright © The WPScan Team.
License Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.