Vulnerabilities > Veronalabs > WP Statistics > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-23 | CVE-2019-10864 | Cross-site Scripting vulnerability in Veronalabs WP Statistics The WP Statistics plugin through 12.6.2 for WordPress has XSS, allowing a remote attacker to inject arbitrary web script or HTML via the Referer header of a GET request. | 6.1 |
| 2018-06-26 | CVE-2018-1000556 | Cross-site Scripting vulnerability in Veronalabs WP Statistics WordPress version 4.8 + contains a Cross Site Scripting (XSS) vulnerability in plugins.php or core wordpress on delete function that can result in An attacker can perform client side attacks which could be from stealing a cookie to code injection. | 4.3 |