Description
Cross-site scripting (XSS) vulnerability in js/ta_loaded.js.php in the Traffic Analyzer plugin, possibly 3.3.2 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the aoid parameter.
Exploits (1)
Nuclei Templates (1)
WordPress Plugin Traffic Analyzer - 'aoid' Cross-Site Scripting
MEDIUMby daffainfo
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/92197
Exploit x_refsource_misc
http://packetstormsecurity.com/files/121167/WordPress-Traffic-Analyzer-Cross-Site-Scripting.html
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/58948
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/83311
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/52929
Scores
EPSS
0.0819
EPSS Percentile
92.2%
Details
CWE
CWE-79
Status
published
Products (42)
wptrafficanalyzer/trafficanalyzer
1.0.0
wptrafficanalyzer/trafficanalyzer
1.1.0
wptrafficanalyzer/trafficanalyzer
1.1.1
wptrafficanalyzer/trafficanalyzer
1.1.2
wptrafficanalyzer/trafficanalyzer
1.1.3
wptrafficanalyzer/trafficanalyzer
1.2.0
wptrafficanalyzer/trafficanalyzer
1.3.0
wptrafficanalyzer/trafficanalyzer
1.4.0
wptrafficanalyzer/trafficanalyzer
1.5.0
wptrafficanalyzer/trafficanalyzer
1.6.0
... and 32 more
Published
May 10, 2013
Tracked Since
Feb 18, 2026