Cross-Site Scripting Vulnerability in WP Statistics by WordPress
CVE-2022-27231

6.1MEDIUM

Key Information:

Vendor

WordPress
Status
WP Statistics
Vendor
CVE Published:
13 June 2022

What is CVE-2022-27231?

A cross-site scripting vulnerability in the WP Statistics plugin allows attackers to execute arbitrary scripts on the web browsers of users logging into a website using this plugin. The issue arises due to inadequate processing of the platform parameter, which can be exploited by a malicious actor. This could lead to unauthorized actions being executed in the user's session, compromising user data and overall site security.

Affected Version(s)

WP Statistics versions prior to 13.2.0

References

https://wordpress.org/plugins/wp-statistics/
x_refsource_MISC
https://wordpress.org/plugins/wp-statistics/#developers
x_refsource_MISC
https://jvn.jp/en/jp/JVN15241647/index.html
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.