WordPress WP Statistics plug-in 'visitor' screen HTML Injection Vulnerability
Release date:
Updated on:
Affected Systems:
WordPress WP Statistics 8.4
WordPress WP Statistics
Description:
Bugtraq id: 71520
WP Statistics is a website statistics plug-in for WordPress.
WP Statistics 8.4 and earlier versions contain an HTML injection vulnerability. An attacker who successfully exploits it can execute HTML and script code in the context of the affected browser.
<* Source: pastebin *>
Test method:
Warning:
The following procedures (methods) may be offensive and are intended only for security research and teaching. Use them at your own risk!
http://www.example.com/wordpress/wp-content/wp-plugs/cbi-referral-manager/getNetworkSites.php?SearchString=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E&page=&search=Filter
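The defect class described above, as an added example that is not WP Statistics' own code: a constructed plugin admin screen that reflects a request parameter into a search form, shown in its injectable form beside the escaped form. The function names, the form markup and the use of htmlspecialchars() in place of WordPress's esc_attr() are assumptions made so the file runs stand-alone; only the parameter name and the payload come from the proof-of-concept URL.

```php
<?php
// Constructed example; not WP Statistics' own code. It models a plugin
// admin screen that echoes a request parameter into a search form.
// The parameter name SearchString is taken from the proof-of-concept URL.

// Vulnerable rendering: the raw value is placed inside a double-quoted
// attribute. A value beginning with "> closes the <input> tag and the
// remainder is parsed by the browser as markup, including <script>.
function render_search_vulnerable(string $search): string
{
    return '<input type="text" name="SearchString" value="' . $search . '">';
}

// Hardened rendering: encode every character that is special inside an
// attribute value before output. A WordPress plugin would call esc_attr();
// htmlspecialchars() with ENT_QUOTES is used here so the file runs stand-alone.
function render_search_hardened(string $search): string
{
    $safe = htmlspecialchars($search, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="SearchString" value="' . $safe . '">';
}

// Decoded form of the payload carried by the proof-of-concept URL above.
$payload = '"><script>alert(1)</script>';

foreach (['vulnerable' => render_search_vulnerable($payload),
          'hardened'   => render_search_hardened($payload)] as $label => $html) {
    // A raw "<script" surviving in the output means the markup was injected.
    $verdict = (strpos($html, '<script') !== false) ? 'raw <script> tag present' : 'no raw tag';
    printf("%-11s %s\n%s\n\n", $label . ':', $verdict, $html);
}
```

The escaping function must match the output context: esc_attr() for values inside attributes, esc_html() for text between tags, and esc_url() for href/src values.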
Suggestion:
Vendor patch:
WordPress
---------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
https://wordpress.org/support/plugin/wp-statistics
Permanent link to this article: