CVE-2021-24920
StatCounter < 2.0.7 - Admin+ Stored Cross-Site Scripting
The StatCounter WordPress plugin before 2.0.7 does not sanitise and escape the Project ID and Secure Code settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Affected products
Unknown · StatCounter – Free Real Time Visitor StatsWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →