The WP Statistics plugin through 12.6.2 for WordPress has XSS, allowing a remote attacker to inject arbitrary web script or HTML via the Referer header of a GET request.
References
Link | Resource |
---|---|
https://github.com/wp-statistics/wp-statistics/commit/5aec0a08680f0afea387267a8d1b9fbb3379247c | Patch Third Party Advisory |
https://medium.com/%40aramburu/cve-2019-10864-wordpress-7aebc24751c4 |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-04-23T17:42:48
Updated: 2019-05-02T20:09:41
Reserved: 2019-04-04T00:00:00
Link: CVE-2019-10864
JSON object: View
NVD Information
Status : Modified
Published: 2019-04-23T18:29:00.350
Modified: 2023-11-07T03:02:34.470
Link: CVE-2019-10864
JSON object: View
Redhat Information
No data.
CWE