WP Statistics <= 12.6.3 - Referer Cross-Site Scripting (XSS)

Affects Plugin

fixed in version 12.6.4

References

CVE 2019-10864
URL https://github.com/wp-statistics/wp-statistics/commit/5aec0a08680f0afea387267a8d1b9fbb3379247c
URL https://medium.com/@aramburu/cve-2019-10864-wordpress-7aebc24751c4

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Original Researcher Manuel Fernández-Aramburu (Innotec Security)
Submitter Manuel Fernández-Aramburu (Innotec Security)
Submitter Website https://www.innotecsystem.com/
Submitter Twitter innotecsecurity
Views 7657
Verified No
WPVDB ID 9261

Timeline

Publicly Published 2019-04-09 (7 months ago)
Added 2019-04-24 (7 months ago)
Last Updated 2019-11-01 (11 days ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin