Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in WP Statistics 12.0.8.1

  • Severity: medium-risk
  • Status: Fixed
  • Publication: July 3, 2017

The WP Statistics plugin for WordPress has a bug in versions before 12.0.9 which makes it vulnerable to attack. If someone is able to get you to click on a link, they can inject malicious web scripts into the page which can then be executed. This is because the plugin doesn’t properly check the input it takes in or properly protect the output it sends out.

Detected in:

WP Statistics fixed vulnerable versions: >= * <= 12.0.8.1
WP Statistics – Simple, privacy-friendly Google Analytics alternative fixed vulnerable versions:
WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.