WordPress · Wp Statistics · CVE-2019-12566
**Name of the Vulnerable Software and Affected Versions**
WP Statistics plugin versions prior to 12.6.6
**Description**
The plugin has a stored cross-site scripting (XSS) issue in the includes/class-wp-statistics-pages.php file. An account with the Editor role can create a post whose title contains JavaScript, and that stored title can then be used to attack an admin user.
**Recommendations**
Update the WP Statistics plugin to version 12.6.6 or later to resolve the issue. As a temporary workaround, consider restricting the ability of Editor role accounts to create posts with titles that contain JavaScript.
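
One way to apply the temporary workaround is shown below as an added example; it is not code from WP Statistics or WordPress core. The file location and the `example_` function names are hypothetical, and treating `manage_options` as the boundary for trusted accounts is an assumption.

```php
<?php
/**
 * Added example: hypothetical must-use plugin, e.g.
 * wp-content/mu-plugins/strip-title-markup.php (path is an assumption).
 * Strips markup from post titles on save for non-administrator accounts.
 */

add_filter( 'wp_insert_post_data', 'example_strip_title_markup', 10, 2 );

function example_strip_title_markup( $data, $postarr ) {
    // Assumption: only accounts holding manage_options (administrators)
    // are trusted to store raw HTML in a post title.
    if ( current_user_can( 'manage_options' ) ) {
        return $data;
    }

    if ( isset( $data['post_title'] ) && '' !== $data['post_title'] ) {
        // Post data is slashed when this filter runs: unslash before
        // cleaning, then slash again so the later database write is unchanged.
        $title = wp_unslash( $data['post_title'] );

        // Removes <script>/<style> elements together with their contents,
        // then every remaining tag; the second argument collapses line breaks.
        $clean = wp_strip_all_tags( $title, true );

        $data['post_title'] = wp_slash( $clean );
    }

    return $data;
}

/**
 * Defence in depth for any code that prints titles in an admin screen:
 * encode on output as well as filtering on input.
 * Hypothetical helper, not a function of the plugin.
 */
function example_render_title_cell( $post_id ) {
    return '<td>' . esc_html( get_the_title( $post_id ) ) . '</td>';
}
```

The filter only affects titles saved after it is installed. Titles already stored are not changed, so updating to 12.6.6 or later remains the fix.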