WP Statistics <= 12.6.3 - Referer Cross-Site Scripting (XSS)

Affects Plugin

fixed in version 12.6.4

References

CVE 2019-10864
URL https://github.com/wp-statistics/wp-statistics/commit/5aec0a08680f0afea387267a8d1b9fbb3379247c
URL https://medium.com/@aramburu/cve-2019-10864-wordpress-7aebc24751c4

Classification

Type XSS
OWASP Top 10 A3: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Original Researcher Manuel Fernández-Aramburu (Innotec Security)
Submitter Manuel Fernández-Aramburu (Innotec Security)
Submitter Website https://www.innotecsystem.com/
Submitter Twitter innotecsecurity
Views 7071
Verified No
WPVDB ID 9261

Timeline

Publicly Published 2019-04-09 (3 months ago)
Added 2019-04-24 (3 months ago)
Last Updated 2019-05-02 (3 months ago)