Description
Multiple cross-site scripting (XSS) vulnerabilities in the WP-FeedStats plugin before 2.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, one of which involves an rss2 feed with an invalid or missing blog with an XSS sequence in the query string.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by David Kierznowski · text · webapps · php
https://www.exploit-db.com/exploits/30403
References (8)
Core References
Exploit mailing-list
x_refsource_fulldisc
http://marc.info/?l=full-disclosure&m=118548811323718&w=2
Exploit, Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/25085
Various Sources x_refsource_misc
http://blogsecurity.net/wordpress/news-260707/
Patch x_refsource_confirm
http://bueltge.de/plugin-wp-feedstats-in-neuer-version/481/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/37259
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/26249
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/35646
Various Sources x_refsource_misc
http://blogsecurity.net/news/news-130707/
Scores
EPSS
0.0731
EPSS Percentile
91.7%
Details
Status
published
Products (1)
wp-feedstats/wordpress_plugin
< 2.1
Published
Jul 31, 2007
Tracked Since
Feb 18, 2026