VYPR

Newstatpress

by WordPress

CVEs (10)

  • CVE-2015-9315 | Critical | Aug 14, 2019
    risk 0.64 | cvss 9.8 | epss 0.02

    The newstatpress plugin before 1.0.1 for WordPress has SQL injection.

  • CVE-2015-9313 | Critical | Aug 14, 2019
    risk 0.64 | cvss 9.8 | epss 0.02

    The newstatpress plugin before 1.0.5 for WordPress has SQL injection related to an IMG element.

  • CVE-2025-13747 | Medium | Dec 12, 2025
    risk 0.42 | cvss 6.4 | epss 0.00

    The NewStatPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a regex bypass in nsp_shortcode function in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it…

  • CVE-2022-0206 | Medium | Feb 14, 2022
    risk 0.40 | cvss 6.1 | epss 0.01

    The NewStatPress WordPress plugin before 1.3.6 does not properly escape the whatX parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues.

  • CVE-2017-18575 | Medium | Aug 22, 2019
    risk 0.40 | cvss 6.1 | epss 0.01

    The newstatpress plugin before 1.2.5 for WordPress has multiple stored XSS issues.

  • CVE-2015-9314 | Medium | Aug 14, 2019
    risk 0.40 | cvss 6.1 | epss 0.01

    The newstatpress plugin before 1.0.4 for WordPress has XSS related to the Referer header.

  • CVE-2015-9312 | Medium | Aug 14, 2019
    risk 0.40 | cvss 6.1 | epss 0.02

    The newstatpress plugin before 1.0.5 for WordPress has XSS related to an IMG element.

  • CVE-2015-9311 | Medium | Aug 14, 2019
    risk 0.40 | cvss 6.1 | epss 0.01

    The newstatpress plugin before 1.0.6 for WordPress has reflected XSS.

  • CVE-2015-4062 | May 27, 2015
    risk 0.04 | cvss | epss 0.09

    SQL injection vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the where1 parameter in the nsp_search page to wp-admin/admin.php.

  • CVE-2015-4063 | May 27, 2015
    risk 0.03 | cvss | epss 0.06

    Cross-site scripting (XSS) vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the where1 parameter in the nsp_search page to wp-admin/admin.php.