CVE-2019–10864: Wp-Statistics Stored XSS

Manuel Fernandez-Aramburu
4 min readApr 30, 2019

Manuel Fernández-Aramburu and Melchor Vázquez from
Innotec Security (https://innotec.security)

Image from Freepik

Introduction

Have you ever started auditing a WordPress website? If the answer is yes, for sure you will understand what this post is about. When you start looking through the WordPress site, there is not much to do, especially if the site…