WP Statistics <= 12.6.3 - Referer Cross-Site Scripting (XSS)

Affects Plugin

fixed in version 12.6.4

References

CVE 2019-10864
URL https://github.com/wp-statistics/wp-statistics/commit/5aec0a08680f0afea387267a8d1b9fbb3379247c
URL https://medium.com/@aramburu/cve-2019-10864-wordpress-7aebc24751c4

Classification

Type XSS
OWASP Top 10 A3: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Original Researcher Manuel Fernández-Aramburu (Innotec Security)
Submitter Manuel Fernández-Aramburu (Innotec Security)
Submitter Website https://www.innotecsystem.com/
Submitter Twitter innotecsecurity
Views 4321
Verified No
WPVDB ID 9261

Timeline

Publicly Published 2019-04-09 (about 1 month ago)
Added 2019-04-24 (26 days ago)
Last Updated 2019-05-02 (18 days ago)

Copyright & License

Copyright All data and resources contained within this page and this web site is Copyright © The WPScan Team.
License Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.