Stored Cross-Site Scripting Vulnerability in WP Statistics Plugin
CVE-2024-2194

7.2 HIGH

Key Information:

Vendor: WordPress
Vendor
CVE Published: 13 March 2024

Summary

The WP Statistics plugin for WordPress suffers from a Stored Cross-Site Scripting vulnerability that affects all versions up to and including 14.5. This issue arises from insufficient input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts via the URL search parameter. When a user accesses an affected page, these scripts can execute, potentially compromising user data and system integrity. Website administrators using this plugin should prioritize updates to ensure a secure environment.

Affected Version(s)

WP Statistics * <= 14.5

CVSS V3.1

Score: 7.2
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Tim Coen