CVE-2022-1005

Name of the Vulnerable Software and Affected Versions WP Statistics WordPress plugin versions prior to 13.2.2

Description The issue arises from the WP Statistics WordPress plugin not sanitizing the REQUEST URI parameter before outputting it back in the rendered page. This leads to Cross-Site Scripting (XSS) in web browsers that do not encode characters.

Recommendations For versions prior to 13.2.2, update to version 13.2.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality that outputs the REQUEST URI parameter until a patch is applied.