VULHUB ™

The WP-Stats plugin for WordPress is prone to an HTML-injection vulnerability and a cross-site request-forgery vulnerability. Exploiting these issues may allow a remote attacker to perform certain unauthorized actions, execute arbitrary script or HTML code within the context of the browser, and steal cookie-based authentication credentials. Other attacks are also possible. Versions prior to WP-Stats 2.5.2 are vulnerable.

The WP-Stats plugin for WordPress is prone to an HTML-injection vulnerability and a cross-site request-forgery vulnerability. Exploiting these issues may allow a remote attacker to perform certain unauthorized actions, execute arbitrary script or HTML code within the context of the browser, and steal cookie-based authentication credentials. Other attacks are also possible. Versions prior to WP-Stats 2.5.2 are vulnerable.