Vulnerabilities > Newstatpress Project
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-24 | CVE-2017-20094 | Cross-site Scripting vulnerability in Newstatpress Project Newstatpress 1.2.4 A vulnerability, which was classified as problematic, has been found in NewStatPress Plugin 1.2.4. | 3.5 |
| 2022-02-14 | CVE-2022-0206 | Cross-site Scripting vulnerability in Newstatpress Project Newstatpress The NewStatPress WordPress plugin before 1.3.6 does not properly escape the whatX parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues | 4.3 |
| 2019-08-22 | CVE-2017-18575 | Cross-site Scripting vulnerability in Newstatpress Project Newstatpress The newstatpress plugin before 1.2.5 for WordPress has multiple stored XSS issues. | 4.3 |
| 2019-08-14 | CVE-2015-9315 | SQL Injection vulnerability in Newstatpress Project Newstatpress The newstatpress plugin before 1.0.1 for WordPress has SQL injection. | 7.5 |
| 2019-08-14 | CVE-2015-9314 | Cross-site Scripting vulnerability in Newstatpress Project Newstatpress The newstatpress plugin before 1.0.4 for WordPress has XSS related to the Referer header. | 4.3 |
| 2019-08-14 | CVE-2015-9313 | SQL Injection vulnerability in Newstatpress Project Newstatpress The newstatpress plugin before 1.0.5 for WordPress has SQL injection related to an IMG element. | 7.5 |
| 2019-08-14 | CVE-2015-9312 | Cross-site Scripting vulnerability in Newstatpress Project Newstatpress The newstatpress plugin before 1.0.5 for WordPress has XSS related to an IMG element. | 4.3 |
| 2019-08-14 | CVE-2015-9311 | Cross-site Scripting vulnerability in Newstatpress Project Newstatpress The newstatpress plugin before 1.0.6 for WordPress has reflected XSS. | 4.3 |
| 2015-05-27 | CVE-2015-4063 | Cross-site Scripting vulnerability in Newstatpress Project Newstatpress Cross-site scripting (XSS) vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the where1 parameter in the nsp_search page to wp-admin/admin.php. | 3.5 |
| 2015-05-27 | CVE-2015-4062 | SQL Injection vulnerability in Newstatpress Project Newstatpress SQL injection vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the where1 parameter in the nsp_search page to wp-admin/admin.php. | 6.5 |