← back
CVE-2019-12566

CVE-2019-12566

EPSS 1.1%
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 1.1%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
02 Jun 2019Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The WP Statistics plugin through 12.6.5 for Wordpress has stored XSS in includes/class-wp-statistics-pages.php. This is related to an account with the Editor role creating a post with a title that contains JavaScript, to attack an admin user.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/wp-statistics/wp-statistics/commit/aec4359975344f75385ae1ec257575d8131d6ec2https://github.com/wp-statistics/wp-statistics/issues/271https://wordpress.org/plugins/wp-statistics/#developers