cleantalk
Vulnerabilities and Security Researches

NewStatPress, CVE-2022-0206

CVE, Research URL

CVE-2022-0206

Home page URL

Security reports for NewStatPress

Application

NewStatPress

Published on
Feb 14, 2022
Research Description
The NewStatPress WordPress plugin before 1.3.6 does not properly escape the whatX parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues
Affected versions
Min -, max 1.3.6.
Status
vulnerable
Previous vulnerability researches
NewStatPress (CVE-2015-9312) , Jun 07, 2024
NewStatPress (CVE-2015-9315) , Jun 07, 2024
NewStatPress (CVE-2015-4063) , Jun 07, 2024
NewStatPress (CVE-2022-0206) , Jun 07, 2024
NewStatPress (CVE-2017-18575) , Jun 07, 2024
New vulnerability
Min Max Default Quantity for WooCommerce (CVE-2025-47504) , Jun 09, 2025
The Plus Addons for Elementor (CVE-2025-49076) , Jun 06, 2025
WP Pipes (CVE-2025-48267) , Jun 06, 2025
Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, (CVE-2025-5292) , Jun 06, 2025
Newsletters (CVE-2025-4857) , Jun 06, 2025