CVE-2022-25305

Name of the Vulnerable Software and Affected Versions WP Statistics versions up to and including 13.1.5

Description The issue arises from insufficient escaping and sanitization of the IP parameter in the ~/includes/class-wp-statistics-ip.php file, allowing attackers to inject arbitrary web scripts onto several pages. These scripts execute when site administrators view a site's statistics.

Recommendations For versions up to and including 13.1.5, consider disabling the IP tracking feature until a patch is available to prevent exploitation of the Cross-Site Scripting vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.