← back
CVE-2022-50945

WordPress 3dady Real-Time Web Stats 1.0 Stored XSS

CVSS 5.1 MEDIUMEPSS 0.2%CWE-79
WordPress 3dady Real-Time Web Stats plugin 1.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by exploiting unsanitized input fields. Attackers can insert JavaScript payloads in the dady_input_text or dady2_input_text fields via the plugin options panel to execute arbitrary code when the page is viewed.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Affected products
3dady · real-time web stats
public PoCs found1
cve_referencewww.exploit-db.com/exploits/51021unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://profiles.wordpress.org/3dady/https://www.exploit-db.com/exploits/51021https://www.vulncheck.com/advisories/wordpress-3dady-real-time-web-stats-stored-xss