Stored Cross-site Scripting Vulnerability in WP Visitor Statistics Plugin by osamaesh

CVE-2025-24675

What is CVE-2025-24675?

The WP Visitor Statistics (Real Time Traffic) plugin by osamaesh contains a vulnerability allowing for Stored Cross-site Scripting (XSS). This flaw arises from improper neutralization of user input during web page generation, meaning attackers can inject malicious scripts that are stored and executed on the users' browsers. Versions of the plugin up to and including 7.2 are affected, posing a significant risk to website security and user data integrity. It is essential for administrators to update or mitigate this vulnerability to protect against potential exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References