漏洞类别:CGI
漏洞等级: 
漏洞信息
WordPress is an open source blogging tool and content management system based on PHP and MySQL. It has many features including a plug-in architecture and a template system. WP-Statistics is plugin for WordPress visitor statistics.
Cross-site scripting vulnerability in WP Statistics remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Affected Versions:
WP Statistics versions 12.0.1 and prior
QID Detection Logic:
This unauthenticated detection depends on the BlindElephant engine to detect the version of the WP-Statistics plugin in any WordPress installation as active attacks could potentially harm live installations.
漏洞危害
Successful exploitation could allow an attacker to execute arbitrary HTML and script code in a user's browser session under the context of the site. This may allow the attacker to access sensitive browser-based information such as authentication cookies and recently submitted data.
解决方案
Customers are advised to upgrade their WordPress plugin to WP Statistics 12.0.2 or later versions to remediate this vulnerability.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0daybank
文章评论