CVE-2013-3526

NUCLEI

Trafficanalyzer - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in js/ta_loaded.js.php in the Traffic Analyzer plugin, possibly 3.3.2 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the aoid parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Beni_Vanda · textwebappsphp
https://www.exploit-db.com/exploits/38439

Nuclei Templates (1)

WordPress Plugin Traffic Analyzer - 'aoid' Cross-Site Scripting
MEDIUMby daffainfo

References (5)

Scores

EPSS 0.0819
EPSS Percentile 92.1%

Details

CWE
CWE-79
Status published
Products (43)
wptrafficanalyzer/trafficanalyzer
wptrafficanalyzer/trafficanalyzer
wptrafficanalyzer/trafficanalyzer
wptrafficanalyzer/trafficanalyzer
wptrafficanalyzer/trafficanalyzer
wptrafficanalyzer/trafficanalyzer
wptrafficanalyzer/trafficanalyzer
wptrafficanalyzer/trafficanalyzer
wptrafficanalyzer/trafficanalyzer
wptrafficanalyzer/trafficanalyzer
... and 33 more
Published May 10, 2013
Tracked Since Feb 18, 2026