Cross-Site Scripting Vulnerability in WP Statistics by WordPress
CVE-2022-27231

6.1MEDIUM

Key Information:

Vendor

WordPress
Status
WP Statistics
Vendor
CVE Published:
13 June 2022

What is CVE-2022-27231?

A cross-site scripting vulnerability in the WP Statistics plugin allows attackers to execute arbitrary scripts on the web browsers of users logging into a website using this plugin. The issue arises due to inadequate processing of the platform parameter, which can be exploited by a malicious actor. This could lead to unauthorized actions being executed in the user's session, compromising user data and overall site security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

WP Statistics versions prior to 13.2.0

References

https://wordpress.org/plugins/wp-statistics/
x_refsource_MISC
https://wordpress.org/plugins/wp-statistics/#developers
x_refsource_MISC
https://jvn.jp/en/jp/JVN15241647/index.html
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.