WordPress Plausible Analytics plugin <= 1.2.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Vulnerable versions
<= 1.2.2
PSID
1c953d3a9e42
Classification
Cross Site Scripting (XSS)
OWASP Top 10
A7: Cross-Site Scripting (XSS)
Required privilege
Requires high role user authentication like admin.
Publicly disclosed
2022-04-07
Patchstack vPatch available since
09.12.2021
Details
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by José Aguilera (Patchstack Alliance) in WordPress Plausible Analytics plugin (versions <= 1.2.2).
Solution
Update the WordPress Plausible Analytics plugin to the latest available version (at least 1.2.3).
References
CVE-2022-27845
Plugin page