CVE-2021-24167

CVE-2021-24167: Web-Stat < 1.4.1 - API Key Disclosure

Vendor Unknown
Product Web-Stat
Weakness CWE-200 · Info exposure
Published April 5, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

When visiting a site running Web-Stat < 1.4.0, the "wts_web_stat_load_init" function used the visitor’s browser to send an XMLHttpRequest request to https://wts2.one/ajax.htm?action=lookup_WP_account.

Key dates

02Disclosure timeline

April 5, 2021 CVE published
August 3, 2024 Record updated