Stored XSS Vulnerability in Kento Post View Counter Plugin for WordPress
CVE-2016-10981

6.1MEDIUM

Key Information:

Vendor: Wordpress
Status: Kento-post-view-counter
Vendor: CVE Published:; 17 September 2019

Summary

The Kento Post View Counter plugin for WordPress, up to version 2.8, is susceptible to a stored Cross-Site Scripting (XSS) vulnerability. This flaw allows unauthenticated users to input malicious scripts through vulnerable fields such as kento_pvc_numbers_lang, kento_pvc_today_text, or kento_pvc_total_text. If successfully exploited, it can lead to unauthorized access and manipulation of the website's content, posing significant risks to users and site integrity.

References

https://wordpress.org/plugins/kento-post-view-counter/#de...

x_refsource_MISC

https://www.openwall.com/lists/oss-security/2016/04/16/3

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Sep 17, 2019
Vulnerability Reserved
Sep 17, 2019