The WordPress Visitors plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a spoofed HTTP Header value in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the nm_vistior page.
Metrics
Affected Vendors & Products
References
History
Tue, 01 Oct 2024 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Nitinmaurya
Nitinmaurya wordpress Visitors |
|
CPEs | cpe:2.3:a:nitinmaurya:wordpress_visitors:*:*:*:*:*:wordpress:*:* | |
Vendors & Products |
Nitinmaurya
Nitinmaurya wordpress Visitors |
Thu, 26 Sep 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Nitinmaurya12
Nitinmaurya12 wordpress Visitors |
|
CPEs | cpe:2.3:a:nitinmaurya12:wordpress_visitors:*:*:*:*:*:*:*:* | |
Vendors & Products |
Nitinmaurya12
Nitinmaurya12 wordpress Visitors |
|
Metrics |
ssvc
|
Thu, 26 Sep 2024 09:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The WordPress Visitors plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a spoofed HTTP Header value in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the nm_vistior page. | |
Title | WordPress Visitors <= 1.0 - Unauthenticated Stored Cross-Site Scripting via HTTP Header | |
Weaknesses | CWE-79 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-09-26T09:29:43.280Z
Updated: 2024-09-26T13:28:37.408Z
Reserved: 2022-12-16T02:26:52.976Z
Link: CVE-2022-4541
Vulnrichment
Updated: 2024-09-26T13:28:19.704Z
NVD
Status : Analyzed
Published: 2024-09-26T10:15:02.437
Modified: 2024-10-01T13:46:08.473
Link: CVE-2022-4541
Redhat
No data.