PT-2026-39474 · WordPress · 3Dady Real-Time Web Stats Plugin
Und3Sc0N0C1D0
·
Published
2026-05-10
·
Updated
2026-05-10
·
CVE-2022-50945
CVSS v3.1
6.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
WordPress 3dady real-time web stats plugin version 1.0
Description
A stored cross-site scripting issue allows authenticated attackers to inject malicious JavaScript by exploiting unsanitized input fields. Attackers can insert JavaScript payloads into the
dady input text or dady2 input text fields within the plugin options panel to execute arbitrary code when the page is viewed.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
3Dady Real-Time Web Stats Plugin