Lucene search
Taurus OmarWPVDB-ID:F37D1D55-10CC-4202-8D16-9EC2128F54F9HistoryMay 10, 2022 - 12:00 a.m.
WP Statistics < 13.2.2 - Reflected Cross-Site Scripting
2022-05-1000:00:00
Taurus Omar
wpscan.com
17
wp statistics
reflected cross-site scripting
request_uri parameter
xss
web browsers
character encoding
EPSS
0.001
Percentile
34.0%
The plugin does not sanitise the REQUEST_URI parameter before outputting it back in the rendered page, leading to Cross-Site Scripting (XSS) in web browsers which do not encode characters
PoC
GET /wp-admin/admin.php?page=wps_settings_page&a;= HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 Accept-Encoding: gzip, deflate Connection: close Cookie: [admin+]
Related
prion
prion
Cross site scripting
2022-06-08 10:15:00
patchstack
patchstack
cvelist
cvelist
CVE-2022-1005 WP Statistics < 13.2.2 - Reflected Cross-Site Scripting
2022-06-06 08:50:53
cve
cve
CVE-2022-1005
2022-06-08 10:15:09
wpexploit
wpexploit
WP Statistics < 13.2.2 - Reflected Cross-Site Scripting
2022-05-10 00:00:00
osv
osv
CVE-2022-1005
2022-06-08 10:15:09
cnvd
cnvd
WordPress WP Statistics Cross-Site Scripting Vulnerability
2022-06-09 00:00:00
openvas
openvas
WordPress WP Statistics Plugin < 13.2.2 XSS Vulnerability
2022-06-09 00:00:00
nvd
nvd
CVE-2022-1005
2022-06-08 10:15:09