CVE-2015-4063

Name of the Vulnerable Software and Affected Versions NewStatPress plugin versions prior to 0.9.9

Description The issue is related to a cross-site scripting (XSS) vulnerability. It allows remote authenticated users to inject arbitrary web script or HTML via the where1 parameter in the nsp search page to 'wp-admin/admin.php'.

Recommendations For versions prior to 0.9.9, update to version 0.9.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the nsp search page in wp-admin/admin.php to minimize the risk of exploitation. Avoid using the where1 parameter in the affected page until the issue is resolved.