CVE-2022-27231

low-risk

Published 2022-06-13

Cross-site scripting vulnerability exists in WP Statistics versions prior to 13.2.0 because it improperly processes a platform parameter. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the website using the product.

Do I need to act?

0.31% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.1/10 Medium

NETWORK / LOW complexity

Affected Products (1)

Wp Statistics

Affected Vendors

Veronalabs

References (6)

Release Notes https://jvn.jp/en/jp/JVN15241647/index.html

Product https://wordpress.org/plugins/wp-statistics/

Release Notes https://wordpress.org/plugins/wp-statistics/#developers

Release Notes https://jvn.jp/en/jp/JVN15241647/index.html

Product https://wordpress.org/plugins/wp-statistics/

Release Notes https://wordpress.org/plugins/wp-statistics/#developers

/ 100

low-risk

Severity 23/34 · High

Exploitability 1/34 · Minimal

Exposure 5/34 · Minimal