cleantalk
Vulnerabilities and Security Researches

WP Statistics, CVE-2026-48839

CVE, Research URL

CVE-2026-48839

Home page URL

Security reports for WP Statistics

Application

WP Statistics

Published on
Jun 01, 2026
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP Statistics allows DOM-Based XSS. This issue affects WP Statistics: from n/a through 14.16.6.
Affected versions
max 14.16.7.
Status
vulnerable
Previous vulnerability researches
CatFolders – WP Media Folders (CVE-2025-66120) , Jan 10, 2026
CatFolders – WP Media Folders (CVE-2025-9776) , Oct 12, 2025
New vulnerability
WP Statistics (CVE-2026-48839) , Jun 14, 2026
WP Statistics (CVE-2026-3488) , Jun 14, 2026
WP Statistics (CVE-2026-5231) , Jun 14, 2026
FAQ Manager For Divi, Gutenberg Block & Shortcode (CVE-2023-33999) , Jun 14, 2026
TablePress – Tables in WordPress made easy (CVE-2023-33999) , Jun 14, 2026