🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

NewStatPress

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > NewStatPress

Information

Software Type	Plugin
Software Slug	newstatpress (view on wordpress.org)
Software Status	Active
Software Author	ice00
Software Website	newstatpress.altervista.org
Software Downloads	921,689
Software Active Installs	10,000
Software Record Last Updated	May 19, 2024

9 Vulnerabilities

NewStatPress <= 1.3.5 - Reflected Cross-Site Scripting

6.1

CVE-2022-0206

Jan 13, 2022

Researcher: Krzysztof Zając

NewStatPress < 1.2.5 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2017-18575

Mar 1, 2017

Researcher: Han Sahin

NewStatPress < 1.0.6 - SQL Injection

9.8

CVE-2015-9313

Jul 7, 2015

Researcher: James Hooker

NewStatPress < 1.0.6 - Reflected Cross-Site Scripting

6.1

CVE-2015-9312

Jul 7, 2015

Researcher: James Hooker

NewStatPress <= 1.0.3 - Stored Cross-Site Scripting

7.2

CVE-2015-9314

Jun 30, 2015

Researcher: Michael Kapfer

NewStatPress <= 1.0.6 - Reflected Cross-Site Scripting

6.1

CVE-2015-9311

Jun 25, 2015

Researcher: James Hooker

NewStatPress <= 1.0.0 - SQL Injection

9.8

CVE-2015-9315

Jun 8, 2015

Researchers:

NewStatPress <= 0.9.8 - Authenticated SQL Injection

8.8

CVE-2015-4062

May 25, 2015

Researcher: Adrián M. F.

NewStatPress <= 0.9.8 - Authenticated Cross-Site Scripting

5.4

CVE-2015-4063

May 25, 2015

Researcher: Adrián M. F.

Title	Status	CVE ID	CVSS	Researchers	Date
NewStatPress <= 1.3.5 - Reflected Cross-Site Scripting	Patched	CVE-2022-0206	6.1	Krzysztof Zając	January 13, 2022
NewStatPress < 1.2.5 - Unauthenticated Stored Cross-Site Scripting	Patched	CVE-2017-18575	7.2	Han Sahin	March 1, 2017
NewStatPress < 1.0.6 - SQL Injection	Patched	CVE-2015-9313	9.8	James Hooker	July 7, 2015
NewStatPress < 1.0.6 - Reflected Cross-Site Scripting	Patched	CVE-2015-9312	6.1	James Hooker	July 7, 2015
NewStatPress <= 1.0.3 - Stored Cross-Site Scripting	Patched	CVE-2015-9314	7.2	Michael Kapfer	June 30, 2015
NewStatPress <= 1.0.6 - Reflected Cross-Site Scripting	Patched	CVE-2015-9311	6.1	James Hooker	June 25, 2015
NewStatPress <= 1.0.0 - SQL Injection	Patched	CVE-2015-9315	9.8		June 8, 2015
NewStatPress <= 0.9.8 - Authenticated SQL Injection	Patched	CVE-2015-4062	8.8	Adrián M. F.	May 25, 2015
NewStatPress <= 0.9.8 - Authenticated Cross-Site Scripting	Patched	CVE-2015-4063	5.4	Adrián M. F.	May 25, 2015

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation