Michael Kapfer

Researcher from HSASec
#30422 of 53,638
8.6 Total CVSS

Vulnerabilities · 2
Medium: 2

PT-2021-8380 · CVSS 4.3 · 2021-11-01
WordPress · Wp-Stats · CVE-2015-10001

**Name of the Vulnerable Software and Affected Versions**
WP-Stats WordPress plugin versions prior to 2.52

**Description**
The issue allows an attacker to make logged-in high-privilege users change settings and set Cross-Site Scripting payloads due to the lack of a CSRF check when saving settings and the failure to escape some settings when outputting them.

**Recommendations**
For WP-Stats WordPress plugin versions prior to 2.52, update to version 2.52 or later to resolve the issue. As a temporary workaround, consider restricting access to the settings page to minimize the risk of exploitation.

PT-2019-7273 · CVSS 4.3 · 2019-08-14
WordPress · Newstatpress · CVE-2015-9314

**Name of the Vulnerable Software and Affected Versions**
newstatpress plugin versions prior to 1.0.4 for WordPress

**Description**
The issue is related to a Cross-Site Scripting (XSS) vulnerability. It is associated with the Referer header.

**Recommendations**
For versions prior to 1.0.4, update to version 1.0.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the Referer header until the update is applied.