1. Home
  2. CVE Database
  3. CVE-2016-10919
MEDIUM · 6.1

CVE-2016-10919

The wassup plugin before 1.9.1 for WordPress has XSS via the Top stats widget or the wassupURI::add_siteurl method, a different vulnerability than CVE-2012-2633.

Vulnerability Description

The wassup plugin before 1.9.1 for WordPress has XSS via the Top stats widget or the wassupURI::add_siteurl method, a different vulnerability than CVE-2012-2633.

CVSS Score

6.1

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
LOW
Integrity
LOW
Availability
NONE

Affected Products

VendorProductVersions
Wassup Real Time Analytics ProjectWassup Real Time Analytics< 1.9.1

Related Weaknesses (CWE)

CWE-79

References

FAQ

What is CVE-2016-10919?

CVE-2016-10919 is a vulnerability with a CVSS score of 6.1 (MEDIUM). The wassup plugin before 1.9.1 for WordPress has XSS via the Top stats widget or the wassupURI::add_siteurl method, a different vulnerability than CVE-2012-2633.

How severe is CVE-2016-10919?

CVE-2016-10919 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-10919?

Check the references section above for vendor advisories and patch information. Affected products include: Wassup Real Time Analytics Project Wassup Real Time Analytics.