WP Statistics <= 12.6.6.1 - Unauthenticated Stored XSS Under Certain Configurations



Description
Unauthenticated stored XSS via the forwarded IP address when the plugin is configured in a certain way.

Affects Plugin

Fixed in version 12.6.7

References

URL: https://blog.sucuri.net/2019/07/wordpress-plugin-wp-statistics-unauthenticated-stored-xss-under-certain-configurations.html

Classification

Type: XSS
OWASP Top 10: A3: Cross-Site Scripting (XSS)
CWE: CWE-79

Miscellaneous

Original Researcher: Antony Garand
Submitter: Antony Garand
Submitter Website: https://blog.sucuri.net/author/antony-garand
Submitter Twitter: AntoGarand
Verified: No
WPVDB ID: 9419

Timeline

Publicly Published: 2019-07-03 (21 days ago)
Added: 2019-07-03 (20 days ago)
Last Updated: 2019-07-03 (20 days ago)
