Critical XSS Flaw Discovered in WP Statistics Impacting 600K Sites

Summary:

A critical Cross-Site Scripting (XSS) vulnerability (CVE-2024-2194) in WP Statistics plugin, allowing attackers to inject malicious code via the URL parameter. With over 600,000 installations, the flaw poses severe risks, enabling unauthorized script execution and potential data theft or site compromise. Update promptly to patched versions to prevent potential exploitation.

Threat Level – Red | Vulnerability Report

For a detailed threat advisory, download the pdf file here

To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn.