WordPress Seriously Simple Stats Plugin <= 1.5.1 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-45005

7.1HIGH

Key Information:

Vendor: WordPress
Status: Seriously Simple Stats
Vendor: CVE Published:; 17 October 2023

Summary

The Seriously Simple Stats plugin for WordPress is susceptible to an unauthenticated reflected Cross-Site Scripting (XSS) vulnerability in versions up to 1.5.1. This security flaw allows attackers to inject malicious scripts into the plugin, potentially compromising the security of the website and its users. Website administrators utilizing this plugin should consider updating to a secured version to mitigate the risk associated with this vulnerability.

Affected Version(s)

Seriously Simple Stats <= 1.5.1

References

https://patchstack.com/database/vulnerability/seriously-s...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 17, 2023
Vulnerability Reserved
Oct 2, 2023

Credit

Rafie Muhammad (Patchstack)