CVE-2021-24920
StatCounter < 2.0.7 - Admin+ Stored Cross-Site Scripting
The StatCounter WordPress plugin before 2.0.7 does not sanitise and escape the Project ID and Secure Code settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Productos afectados
Unknown · StatCounter – Free Real Time Visitor Stats¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →