WordPress WP Statistics Authenticated XSS Vulnerability (WP Statistics <= 12.0.9)
Version 12.0.9 and below of the WP Statistics WordPress plugin was found to be vulnerable to Authenticated Reflected Cross-Site Scripting (XSS). The 'rangeend' GET parameter on the page wps_referrers_page is output without being validated, sanitised or output encoded. This leads to Authenticated Reflected Cross-Site Scripting (XSS), which could allow attackers to compromise a WordPress application by tricking an authenticated administrator user into clicking on a specially crafted link.
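The missing controls described above, validation of the date value and encoding at the point of output, are sketched below as an added example; this is not the plugin's code or its fix. It is plain PHP so it runs without WordPress (inside a plugin, WordPress's esc_attr() or esc_url() would do the encoding), and the function names, the Y-m-d date format and the sample values are assumptions.

```php
<?php
// Added example, not WP Statistics code; function names are hypothetical.

// Unsafe pattern: the request value goes straight into the markup.
function unsafe_link($raw): string
{
    return '<a href="?page=wps_referrers_page&rangeend=' . $raw . '">';
}

// Validation: accept only a real calendar date in Y-m-d form (format assumed).
function clean_range_date($raw, string $default): string
{
    if (!is_string($raw)) {              // rangeend[]=x arrives as an array
        return $default;
    }
    $d = DateTimeImmutable::createFromFormat('!Y-m-d', $raw);
    // The round trip rejects overflow dates (2017-02-31) and loose forms (2017-6-3).
    if ($d === false || $d->format('Y-m-d') !== $raw) {
        return $default;
    }
    return $raw;
}

// Output encoding: URL-encode the value, then HTML-encode the whole attribute.
function safe_link(string $end): string
{
    $query = http_build_query(['page' => 'wps_referrers_page', 'rangeend' => $end]);
    return '<a href="?' . htmlspecialchars($query, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '">';
}

// Constructed sample values standing in for $_GET['rangeend'].
$samples = ['2017-06-30', '2017-02-31', '06/30/2017', '"><b>injected</b>'];
$default = '2017-07-01';                 // constructed fallback date

foreach ($samples as $raw) {
    echo 'input : ', $raw, PHP_EOL;
    echo 'unsafe: ', unsafe_link($raw), PHP_EOL;
    echo 'safe  : ', safe_link(clean_range_date($raw, $default)), PHP_EOL, PHP_EOL;
}

// Encoding alone, without validation, already keeps the value inside the attribute.
echo safe_link('"><b>injected</b>'), PHP_EOL;
```

Only the first sample survives validation; the other three fall back to the default date, and the last line shows that the encoder by itself still prevents the value from closing the href attribute.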
/includes/log/top-referring.php line 18-30, the
/includes/log/top-referring.php line 86, the
date_args variable is output in the PHP
Click on the following link in the Firefox browser: