← Back

Wp Stats

wp-stats

Vendor: Wp Stats Project • 1 CVE

CVEs (1)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2015-10001
1Wp Stats Project
1Wp Stats
Nov 21, 2024
Nov 1, 2021
N/A· v4
4.3 MEDIUM· v3
4.3 MEDIUM· v2
The WP-Stats WordPress plugin before 2.52 does not have CSRF check when saving its settings, and did not escape some of them when outputting them, allowing attacker to make logged in high privilege users change them and...Show more
The WP-Stats WordPress plugin before 2.52 does not have CSRF check when saving its settings, and did not escape some of them when outputting them, allowing attacker to make logged in high privilege users change them and set Cross-Site Scripting payloadsShow less