Newstatpress
by WordPress
CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-9315 | | Cri | 0.64 | 9.8 | 0.02 | | Aug 14, 2019 | The newstatpress plugin before 1.0.1 for WordPress has SQL injection. |
| CVE-2015-9313 | | Cri | 0.64 | 9.8 | 0.02 | | Aug 14, 2019 | The newstatpress plugin before 1.0.5 for WordPress has SQL injection related to an IMG element. |
| CVE-2025-13747 | | Med | 0.42 | 6.4 | 0.00 | | Dec 12, 2025 | The NewStatPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a regex bypass in nsp_shortcode function in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it… |
| CVE-2022-0206 | | Med | 0.40 | 6.1 | 0.01 | | Feb 14, 2022 | The NewStatPress WordPress plugin before 1.3.6 does not properly escape the whatX parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues |
| CVE-2017-18575 | | Med | 0.40 | 6.1 | 0.01 | | Aug 22, 2019 | The newstatpress plugin before 1.2.5 for WordPress has multiple stored XSS issues. |
| CVE-2015-9314 | | Med | 0.40 | 6.1 | 0.01 | | Aug 14, 2019 | The newstatpress plugin before 1.0.4 for WordPress has XSS related to the Referer header. |
| CVE-2015-9312 | | Med | 0.40 | 6.1 | 0.02 | | Aug 14, 2019 | The newstatpress plugin before 1.0.5 for WordPress has XSS related to an IMG element. |
| CVE-2015-9311 | | Med | 0.40 | 6.1 | 0.01 | | Aug 14, 2019 | The newstatpress plugin before 1.0.6 for WordPress has reflected XSS. |
| CVE-2015-4062 | | | 0.04 | — | 0.09 | | May 27, 2015 | SQL injection vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the where1 parameter in the nsp_search page to wp-admin/admin.php. |
| CVE-2015-4063 | | | 0.03 | — | 0.06 | | May 27, 2015 | Cross-site scripting (XSS) vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the where1 parameter in the nsp_search page to wp-admin/admin.php. |