CVE-2015-10001: WP-Stats < 2.5.2 - CSRF to Stored Cross-Site Scripting (XSS)

Vendor: Unknown
Product: WP-Stats
Weakness: CWE-352 · CSRF
Published: November 1, 2021
Last update: August 6, 2024

What the vulnerability does

01 Description

The WP-Stats WordPress plugin before 2.52 does not have a CSRF check when saving its settings and does not escape some of them when outputting them, allowing an attacker to make logged-in, high-privilege users change them and set Cross-Site Scripting payloads.

Key dates

02 Disclosure timeline

November 1, 2021: CVE published
August 6, 2024: Record updated
