Cross-site Scripting Vulnerability in NewStatPress Plugin for WordPress
CVE-2015-4063

Currently unrated

Key Information:

Vendor: Wordpress
Status: Newstatpress
Vendor: CVE Published:; 27 May 2015

Summary

A cross-site scripting (XSS) vulnerability exists in the NewStatPress plugin for WordPress. This flaw allows remote authenticated users to inject arbitrary web script or HTML via the 'where1' parameter in the nsp_search page to wp-admin/admin.php. The vulnerability can be exploited to perform malicious actions or to manipulate content displayed to users, leading to potential unauthorized access and data exposure. To safeguard against this issue, it is crucial to update the plugin to version 0.9.9 or later, where the vulnerability has been addressed.

References

http://packetstormsecurity.com/files/132038/WordPress-New...

x_refsource_MISC

https://wordpress.org/plugins/newstatpress/changelog/

x_refsource_CONFIRM

http://www.securityfocus.com/bid/74773

vdb-entryx_refsource_BID

Timeline

Vulnerability published
May 27, 2015
Vulnerability Reserved
May 22, 2015