Cross-site scripting vulnerability exists in WP Statistics versions prior to 13.2.0 because it improperly processes a platform parameter. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the website using the product.
References
Link | Resource |
---|---|
https://jvn.jp/en/jp/JVN15241647/index.html | Release Notes Third Party Advisory |
https://wordpress.org/plugins/wp-statistics/ | Product Third Party Advisory |
https://wordpress.org/plugins/wp-statistics/#developers | Release Notes Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: jpcert
Published: 2022-06-13T04:50:30
Updated: 2022-06-13T04:50:30
Reserved: 2022-05-12T00:00:00
Link: CVE-2022-27231
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-06-13T05:15:11.230
Modified: 2022-06-17T18:51:32.860
Link: CVE-2022-27231
JSON object: View
Redhat Information
No data.
CWE