CVE-2019-12566

Name of the Vulnerable Software and Affected Versions WP Statistics plugin versions prior to 12.6.6

Description The issue is related to stored XSS in the includes/class-wp-statistics-pages.php file. It can be exploited when an account with the Editor role creates a post with a title containing JavaScript, which can then be used to attack an admin user.

Recommendations For WP Statistics plugin versions prior to 12.6.6, update to version 12.6.6 or later to resolve the issue. As a temporary workaround, consider restricting the ability of Editor role accounts to create posts with titles that contain JavaScript.