CVE-2007-4104

Name of the Vulnerable Software and Affected Versions WP-FeedStats versions prior to 2.4

Description The issue involves multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web script or HTML. One of the vectors involves an rss2 feed with an invalid or missing blog and an XSS sequence in the query string.

Recommendations For WP-FeedStats versions prior to 2.4, update to version 2.4 or later to resolve the issue. As a temporary workaround, consider restricting access to rss2 feeds to minimize the risk of exploitation.