CVE-2022-1005

CVE-2022-1005: WP Statistics < 13.2.2 - Reflected Cross-Site Scripting

Vendor Unknown
Product WP Statistics
Weakness CWE-79 · XSS
Published June 6, 2022
Last update August 2, 2024
View on NVD All CVEs

CVSS base score

What the vulnerability does

01Description

The WP Statistics WordPress plugin before 13.2.2 does not sanitise the REQUEST_URI parameter before outputting it back in the rendered page, leading to Cross-Site Scripting (XSS) in web browsers which do not encode characters

Key dates

02Disclosure timeline

June 6, 2022 CVE published
August 2, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-37432 WordPress Esteem theme <= 1.5.0 - Cross Site Scripting (XSS) vulnerability CVE-2024-12701 WP Smart Import : Import any XML File to WordPress <= 1.1.2 - Reflected Cross-Site Scripting CVE-2024-37449 WordPress Slider Revolution plugin <= 6.7.13 - Cross Site Scripting (XSS) vulnerability CVE-2026-3412 itsourcecode University Management System att_single_view.php cross site scripting CVE-2022-2768 SourceCodester Library Management System cross site scripting