MidnightBSD

Advisories for newstatpress_project

CVE-2015-4062 MEDIUM

SQL injection vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the where1 parameter in the nsp_search page to wp-admin/admin.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89

Products Affected

Vendor Product Version
newstatpress_project newstatpress *

CVE-2015-4063 LOW

Cross-site scripting (XSS) vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the where1 parameter in the nsp_search page to wp-admin/admin.php.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79

Products Affected

Vendor Product Version
newstatpress_project newstatpress *

CVE-2015-9311 MEDIUM

The newstatpress plugin before 1.0.6 for WordPress has reflected XSS.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

Vendor Product Version
newstatpress_project newstatpress *

CVE-2015-9312 MEDIUM

The newstatpress plugin before 1.0.5 for WordPress has XSS related to an IMG element.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

Vendor Product Version
newstatpress_project newstatpress *

CVE-2015-9313 HIGH

The newstatpress plugin before 1.0.5 for WordPress has SQL injection related to an IMG element.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89

Products Affected

Vendor Product Version
newstatpress_project newstatpress *

CVE-2015-9314 MEDIUM

The newstatpress plugin before 1.0.4 for WordPress has XSS related to the Referer header.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

Vendor Product Version
newstatpress_project newstatpress *

CVE-2015-9315 HIGH

The newstatpress plugin before 1.0.1 for WordPress has SQL injection.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89

Products Affected

Vendor Product Version
newstatpress_project newstatpress *

CVE-2017-18575 MEDIUM

The newstatpress plugin before 1.2.5 for WordPress has multiple stored XSS issues.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

Vendor Product Version
newstatpress_project newstatpress *

CVE-2017-20094 LOW

A vulnerability classified as problematic has been found in NewStatPress Plugin 1.2.4. The issue affects some unknown processing. The manipulation leads to basic cross-site scripting (persistent). The attack may be initiated remotely. Upgrading to version 1.2.5 addresses this issue. It is recommended to upgrade the affected component.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7
cna@vuldb.com 3.5 LOW CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N 2.1 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-80, CWE-79

Products Affected

Vendor Product Version
newstatpress_project newstatpress 1.2.4

CVE-2022-0206 MEDIUM

The NewStatPress WordPress plugin before 1.3.6 does not properly escape the whatX parameters before outputting them back in attributes, leading to reflected cross-site scripting issues.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

Vendor Product Version
newstatpress_project newstatpress *