Statcountex
by Statcountex
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-13048 | Med | 0.42 | 6.4 | 0.00 | Feb 19, 2026 | The StatCounter – Free Real Time Visitor Stats plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user's Nickname in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This makes it possible for… | ||
| CVE-2010-0674 | 0.03 | — | 0.02 | Feb 22, 2010 | StatCounteX 3.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for path/stats.mdb. | |||
| CVE-2008-0843 | 0.03 | — | 0.03 | Feb 20, 2008 | StatCounteX 3.0 and 3.1 allows remote attackers to obtain sensitive information and edit configuration scripts via a direct request to admin.asp. |
- risk 0.42cvss 6.4epss 0.00
The StatCounter – Free Real Time Visitor Stats plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user's Nickname in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This makes it possible for…
- CVE-2010-0674Feb 22, 2010risk 0.03cvss —epss 0.02
StatCounteX 3.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for path/stats.mdb.
- CVE-2008-0843Feb 20, 2008risk 0.03cvss —epss 0.03
StatCounteX 3.0 and 3.1 allows remote attackers to obtain sensitive information and edit configuration scripts via a direct request to admin.asp.