Vulnerabilities > Newstatpress Project

DATE CVE VULNERABILITY TITLE RISK
2022-06-24 CVE-2017-20094 Cross-site Scripting vulnerability in Newstatpress Project Newstatpress 1.2.4
A vulnerability, which was classified as problematic, has been found in NewStatPress Plugin 1.2.4.
3.5
2022-02-14 CVE-2022-0206 Cross-site Scripting vulnerability in Newstatpress Project Newstatpress
The NewStatPress WordPress plugin before 1.3.6 does not properly escape the whatX parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues
4.3
2019-08-22 CVE-2017-18575 Cross-site Scripting vulnerability in Newstatpress Project Newstatpress
The newstatpress plugin before 1.2.5 for WordPress has multiple stored XSS issues.
4.3
2019-08-14 CVE-2015-9315 SQL Injection vulnerability in Newstatpress Project Newstatpress
The newstatpress plugin before 1.0.1 for WordPress has SQL injection.
network
low complexity
newstatpress-project CWE-89
7.5
2019-08-14 CVE-2015-9314 Cross-site Scripting vulnerability in Newstatpress Project Newstatpress
The newstatpress plugin before 1.0.4 for WordPress has XSS related to the Referer header.
4.3
2019-08-14 CVE-2015-9313 SQL Injection vulnerability in Newstatpress Project Newstatpress
The newstatpress plugin before 1.0.5 for WordPress has SQL injection related to an IMG element.
network
low complexity
newstatpress-project CWE-89
7.5
2019-08-14 CVE-2015-9312 Cross-site Scripting vulnerability in Newstatpress Project Newstatpress
The newstatpress plugin before 1.0.5 for WordPress has XSS related to an IMG element.
4.3
2019-08-14 CVE-2015-9311 Cross-site Scripting vulnerability in Newstatpress Project Newstatpress
The newstatpress plugin before 1.0.6 for WordPress has reflected XSS.
4.3
2015-05-27 CVE-2015-4063 Cross-site Scripting vulnerability in Newstatpress Project Newstatpress
Cross-site scripting (XSS) vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the where1 parameter in the nsp_search page to wp-admin/admin.php.
3.5
2015-05-27 CVE-2015-4062 SQL Injection vulnerability in Newstatpress Project Newstatpress
SQL injection vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the where1 parameter in the nsp_search page to wp-admin/admin.php.
network
low complexity
newstatpress-project CWE-89
6.5