CVE-2017-2135
MEDIUMWP Statistics <12.0.1 - XSS
Title source: llmDescription
Cross-site scripting vulnerability in WP Statistics version 12.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Scores
CVSS v3
6.1
EPSS
0.0032
EPSS Percentile
55.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Classification
CWE
CWE-79
Status
published
Affected Products (2)
wp-statistics/wp_statistics
< 12.0.1
WP Statistics/WP Statistics
< version 12.0.1 and earlier
Timeline
Published
Apr 28, 2017
Tracked Since
Feb 18, 2026