CVE-2026-6275
- EPSS 0.31%
- Veröffentlicht 29.05.2026 05:32:35
- Zuletzt bearbeitet 29.05.2026 13:09:05
The StatCounter – Free Real Time Visitor Stats plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.1 This is due to insufficient output escaping on the post author's nickname in the statcounter_addT...
CVE-2025-13048
- EPSS 0.24%
- Veröffentlicht 19.02.2026 03:25:19
- Zuletzt bearbeitet 15.04.2026 00:35:42
The StatCounter – Free Real Time Visitor Stats plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user's Nickname in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This make...
CVE-2021-24920
- EPSS 0.64%
- Veröffentlicht 28.02.2022 09:15:08
- Zuletzt bearbeitet 21.11.2024 05:54:00
The StatCounter WordPress plugin before 2.0.7 does not sanitise and escape the Project ID and Secure Code settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed