CVE-2022-50945

MEDIUM

WordPress 3dady Real-Time Web Stats 1.0 Stored XSS

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-50945. PoCs published by UnD3sc0n0c1d0.

AI-analyzed exploit summary: The exploit describes a stored XSS vulnerability in the WordPress plugin '3dady real-time web stats' version 1.0, where unsanitized input in the 'dady_input_text' and 'dady2_input_text' fields allows JavaScript execution. The PoC involves injecting an XSS payload into these fields, which triggers when saved.

Description

WordPress 3dady Real-Time Web Stats plugin 1.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by exploiting unsanitized input fields. Attackers can insert JavaScript payloads in the dady_input_text or dady2_input_text fields via the plugin options panel to execute arbitrary code when the page is viewed.

Exploits (1)

exploitdb WRITEUP
by UnD3sc0n0c1d0 · text · webapps · php
https://www.exploit-db.com/exploits/51021

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: WordPress Plugin 3dady real-time web stats 1.0
Auth required
Prerequisites: WordPress admin access · Plugin installed and activated
devstral-2 · analyzed May 10, 2026

References (3)

Core References (3)
Exploit: ExploitDB-51021
https://www.exploit-db.com/exploits/51021
Product: Official Product Homepage
https://profiles.wordpress.org/3dady/
Third Party Advisory: VulnCheck Advisory: WordPress 3dady Real-Time Web Stats 1.0 Stored XSS
https://www.vulncheck.com/advisories/wordpress-3dady-real-time-web-stats-stored-xss

Scores

CVSS v3 6.4
EPSS 0.0022
EPSS Percentile 12.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE: CWE-79
Status published
Products (1)
3dady/real-time web stats 1.0
Published May 10, 2026
Tracked Since May 10, 2026