Vulnerabilities and security researches fornewstatpress

CVE, Research URL: CVE-2015-9312
Home page URL: Security reports for NewStatPress
Application: NewStatPress
Date: Aug 14, 2019
Research Description: The newstatpress plugin before 1.0.5 for WordPress has XSS related to an IMG element.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2015-9315
Home page URL: Security reports for NewStatPress
Application: NewStatPress
Date: Aug 14, 2019
Research Description: The newstatpress plugin before 1.0.1 for WordPress has SQL injection.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2015-4063
Home page URL: Security reports for NewStatPress
Application: NewStatPress
Date: May 27, 2015
Research Description: Cross-site scripting (XSS) vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the where1 parameter in the nsp_search page to wp-admin/admin.php.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2022-0206
Home page URL: Security reports for NewStatPress
Application: NewStatPress
Date: Feb 14, 2022
Research Description: The NewStatPress WordPress plugin before 1.3.6 does not properly escape the whatX parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2017-18575
Home page URL: Security reports for NewStatPress
Application: NewStatPress
Date: Aug 22, 2019
Research Description: The newstatpress plugin before 1.2.5 for WordPress has multiple stored XSS issues.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2015-4062
Home page URL: Security reports for NewStatPress
Application: NewStatPress
Date: May 27, 2015
Research Description: SQL injection vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the where1 parameter in the nsp_search page to wp-admin/admin.php.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2015-9313
Home page URL: Security reports for NewStatPress
Application: NewStatPress
Date: Aug 14, 2019
Research Description: The newstatpress plugin before 1.0.5 for WordPress has SQL injection related to an IMG element.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2015-9311
Home page URL: Security reports for NewStatPress
Application: NewStatPress
Date: Aug 14, 2019
Research Description: The newstatpress plugin before 1.0.6 for WordPress has reflected XSS.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2015-9314
Home page URL: Security reports for NewStatPress
Application: NewStatPress
Date: Aug 14, 2019
Research Description: The newstatpress plugin before 1.0.4 for WordPress has XSS related to the Referer header.
Affected versions: Min -, max -.
Status: vulnerable

Vulnerabilities and security researches fornewstatpress newstatpress