Vulnerability Description
Cross-site scripting vulnerability exists in WP Statistics versions prior to 13.2.0 because it improperly processes a platform parameter. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the website using the product.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Veronalabs | Wp Statistics | < 13.2.0 |
Related Weaknesses (CWE)
References
- https://jvn.jp/en/jp/JVN15241647/index.htmlRelease NotesThird Party Advisory
- https://wordpress.org/plugins/wp-statistics/ProductThird Party Advisory
- https://wordpress.org/plugins/wp-statistics/#developersRelease NotesThird Party Advisory
- https://jvn.jp/en/jp/JVN15241647/index.htmlRelease NotesThird Party Advisory
- https://wordpress.org/plugins/wp-statistics/ProductThird Party Advisory
- https://wordpress.org/plugins/wp-statistics/#developersRelease NotesThird Party Advisory
FAQ
What is CVE-2022-27231?
CVE-2022-27231 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Cross-site scripting vulnerability exists in WP Statistics versions prior to 13.2.0 because it improperly processes a platform parameter. By exploiting this vulnerability, an arbitrary script may be e...
How severe is CVE-2022-27231?
CVE-2022-27231 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-27231?
Check the references section above for vendor advisories and patch information. Affected products include: Veronalabs Wp Statistics.