Switch to the dark mode that's kinder on your eyes at night time.

Switch to the light mode that's kinder on your eyes at day time.

Switch to the dark mode that's kinder on your eyes at night time.

Switch to the light mode that's kinder on your eyes at day time.

WordPress Plugin WP Statistics: Unauthenticated Stored XSS Under Certain Configurations (blog.sucuri.net)

by WPNEWS team July 20, 2019, 22:20 Comments

The WordPress plugin WP Statistics, which has an active installation base of 500k users, has an unauthenticated stored XSS vulnerability on versions prior to 12.6.7.

This vulnerability can only be exploited under certain configurations—the default settings are not vulnerable.

security XSS

More From: Security

Astro + WPGraphQL for more secure WordPress sites
WordPress powers over 43% of the web, and that makes it a prime target for hackers and bots. But […]
Patchstack Tracks 328% More Security Bugs Reported in WordPress Plugins in 2022 (wptavern.com)
Patchstack, a WordPress security maintenance and management tool, has published its “State of WordPress Security” whitepaper for 2022, tracking a few key metrics on publicly reported vu…
All In One SEO Pack Vulnerabilities Impacting 3 Million Sites Patched (www.wordfence.com)
On January 26, 2023, the Wordfence Team responsibly disclosed two vulnerabilities in All In One SEO Pack, a WordPress plugin installed on over 3 Million sites which provides search engine[…]
GoDaddy says a multi-year breach hijacked customer websites and accounts (arstechnica.com)
Three breaches over as many years all carried out by the same threat actor.
Multiple Authenticated SQL Injection Fixed In WP Statistics Plugin Version (patchstack.com)
If you’re a WP Statistics user, please update the plugin to at least version13.2.11. Patchstack Pro and Business users are protected from the vulnerability. You can also sign up the[…]
Massive Campaign Uses Hacked WordPress Sites as Platform for Black Hat Ad Network (blog.sucuri.net)
Since late December, our team has been tracking a new spike in WordPress website infections related to the following malicious domain: track[.]violetlovelines[.]comPublicWWW results show over 5,600 websites impacted by this[…]

Astro + WPGraphQL for more secure WordPress sites

Patchstack Tracks 328% More Security Bugs Reported in WordPress Plugins in 2022 (wptavern.com)

All In One SEO Pack Vulnerabilities Impacting 3 Million Sites Patched (www.wordfence.com)

GoDaddy says a multi-year breach hijacked customer websites and accounts (arstechnica.com)

Multiple Authenticated SQL Injection Fixed In WP Statistics Plugin Version (patchstack.com)

Massive Campaign Uses Hacked WordPress Sites as Platform for Black Hat Ad Network (blog.sucuri.net)

How to scan your WordPress instances for Security Issues using WPScan (blog.wpsec.com)

WordPress Plugin WP Statistics: Unauthenticated Stored XSS Under Certain Configurations (blog.sucuri.net)

Leave a Reply Cancel reply

Loginizer Plugin Gets Forced Security Update for Vulnerabilities Affecting 1 Million Users (wptavern.com)

Vulnerability Exposes Over 4 Million Sites Using WPBakery (www.wordfence.com)

Astro + WPGraphQL for more secure WordPress sites

Patchstack Tracks 328% More Security Bugs Reported in WordPress Plugins in 2022 (wptavern.com)

All In One SEO Pack Vulnerabilities Impacting 3 Million Sites Patched (www.wordfence.com)

GoDaddy says a multi-year breach hijacked customer websites and accounts (arstechnica.com)

Multiple Authenticated SQL Injection Fixed In WP Statistics Plugin Version (patchstack.com)

Massive Campaign Uses Hacked WordPress Sites as Platform for Black Hat Ad Network (blog.sucuri.net)

How to create a custom header with Jupiter X like on the Apple website (themes.artbees.net)

Top 13 Must Have WordPress Plugins for Bloggers in New WordPress Blogs in 2019 (www.bloggingden.com)

Leave a Reply Cancel reply

Log In

Sign In

Forgot password?

Your password reset link appears to be invalid or expired.

Log in

Privacy Policy

Add to Collection

No Collections