Stored Cross-Site Scripting Vulnerability in WP Statistics Plugin
CVE-2024-2194

7.2HIGH

Key Information:

Vendor: Wordpress
Status: WP Statistics
Vendor: CVE Published:; 13 March 2024

What is CVE-2024-2194?

The WP Statistics plugin for WordPress suffers from a Stored Cross-Site Scripting vulnerability that affects all versions up to and including 14.5. This issue arises from insufficient input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts via the URL search parameter. When a user accesses an affected page, these scripts can execute, potentially compromising user data and system integrity. Website administrators using this plugin should prioritize updates to ensure a secure environment.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

WP Statistics * <= 14.5

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

EPSS Score

35% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Mar 13, 2024
Vulnerability Reserved
Mar 5, 2024

Credit

Tim Coen

JSON

Wordpress