Stored Cross-site Scripting Vulnerability in WP Visitor Statistics Plugin by osamaesh
CVE-2025-24675

6.5 MEDIUM

Key Information:

Vendor: WordPress
CVE Published: 24 January 2025

Summary

The WP Visitor Statistics (Real Time Traffic) plugin by osamaesh contains a Stored Cross-site Scripting (XSS) vulnerability. The flaw arises from improper neutralization of user input during web page generation: attackers can inject malicious scripts that are stored by the site and later executed in users' browsers. Versions of the plugin up to and including 7.2 are affected, posing a significant risk to website security and user data integrity. Administrators should update the plugin or apply mitigations to protect against potential exploitation.

Affected Version(s)

WP Visitor Statistics (Real Time Traffic) <= 7.2

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Trương Hữu Phúc (truonghuuphuc) (Patchstack Alliance)