CVE-2024-2194 — Vulnetix

Try Vulnetix Request Demo

CVE-2024-2194 PUBLISHED CVSS 7.199999809265137 HIGH

The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL search parameter in all versions up to, and including, 14.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

EPSS 27.80% · 96.4th percentile

Risk Scores

CVSS v3.1

7.199999809265137

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

EPSS Score

27.80%

96.4th percentile

Affected Products

Vendor	Product	Versions
mostafas1990	WP Statistics	*

Timeline

Mar 13, 2024 CVE Published
Mar 14, 2024 EPSS Score
May 4, 2024 EPSS Score
May 29, 2024 EPSS Score
Jul 20, 2024 EPSS Score
Aug 18, 2024 EPSS Score
Oct 4, 2024 Coalition ESS Score
Oct 8, 2024 EPSS Score
Nov 27, 2024 EPSS Score
Dec 24, 2024 EPSS Score
Feb 12, 2025 EPSS Score
Mar 10, 2025 EPSS Score

References

Open in Interactive Console →