The WP-Stats WordPress plugin before 2.52 does not have CSRF check when saving its settings, and did not escape some of them when outputting them, allowing attacker to make logged in high privilege users change them and set Cross-Site Scripting payloads
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2021-11-01T08:45:47
Updated: 2024-08-06T08:58:24.557Z
Reserved: 2021-10-31T00:00:00
Link: CVE-2015-10001
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-11-01T09:15:07.897
Modified: 2024-11-21T02:24:08.887
Link: CVE-2015-10001
Redhat
No data.