Newstatpress Project: >> Newstatpress >> 0.2.7 Security Vulnerabilities
The NewStatPress WordPress plugin before 1.3.6 does not properly escape the whatX parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues
CVSS Score
6.1
EPSS Score
0.042
Published
2022-02-14
The newstatpress plugin before 1.2.5 for WordPress has multiple stored XSS issues.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-08-22
The newstatpress plugin before 1.0.6 for WordPress has reflected XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-08-14
The newstatpress plugin before 1.0.5 for WordPress has XSS related to an IMG element.
CVSS Score
6.1
EPSS Score
0.042
Published
2019-08-14
The newstatpress plugin before 1.0.5 for WordPress has SQL injection related to an IMG element.
CVSS Score
9.8
EPSS Score
0.005
Published
2019-08-14
The newstatpress plugin before 1.0.4 for WordPress has XSS related to the Referer header.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-08-14
The newstatpress plugin before 1.0.1 for WordPress has SQL injection.
CVSS Score
9.8
EPSS Score
0.005
Published
2019-08-14
Cross-site scripting (XSS) vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the where1 parameter in the nsp_search page to wp-admin/admin.php.
CVSS Score
3.5
EPSS Score
0.031
Published
2015-05-27
SQL injection vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the where1 parameter in the nsp_search page to wp-admin/admin.php.
CVSS Score
6.5
EPSS Score
0.252
Published
2015-05-27