Search criteria
4 vulnerabilities by osama.esh
CVE-2025-67983 (GCVE-0-2025-67983)
Vulnerability from cvelistv5 – Published: 2025-12-16 08:12 – Updated: 2025-12-17 20:38
VLAI?
Title
WordPress WP Visitor Statistics (Real Time Traffic) plugin <= 8.3 - Cross Site Scripting (XSS) vulnerability
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in osama.esh WP Visitor Statistics (Real Time Traffic) wp-stats-manager allows DOM-Based XSS.This issue affects WP Visitor Statistics (Real Time Traffic): from n/a through <= 8.3.
Severity ?
6.5 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| osama.esh | WP Visitor Statistics (Real Time Traffic) |
Affected:
n/a , ≤ <= 8.3
(custom)
|
Credits
Muhammad Yudha - DJ | Patchstack Bug Bounty Program
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-67983",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-17T20:38:33.911284Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T20:38:43.036Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wp-stats-manager",
"product": "WP Visitor Statistics (Real Time Traffic)",
"vendor": "osama.esh",
"versions": [
{
"changes": [
{
"at": "8.4",
"status": "unaffected"
}
],
"lessThanOrEqual": "\u003c= 8.3",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Muhammad Yudha - DJ | Patchstack Bug Bounty Program"
}
],
"datePublic": "2025-12-15T22:02:57.330Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in osama.esh WP Visitor Statistics (Real Time Traffic) wp-stats-manager allows DOM-Based XSS.\u003cp\u003eThis issue affects WP Visitor Statistics (Real Time Traffic): from n/a through \u003c= 8.3.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in osama.esh WP Visitor Statistics (Real Time Traffic) wp-stats-manager allows DOM-Based XSS.This issue affects WP Visitor Statistics (Real Time Traffic): from n/a through \u003c= 8.3."
}
],
"impacts": [
{
"capecId": "CAPEC-588",
"descriptions": [
{
"lang": "en",
"value": "DOM-Based XSS"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T08:12:58.563Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://vdp.patchstack.com/database/Wordpress/Plugin/wp-stats-manager/vulnerability/wordpress-wp-visitor-statistics-real-time-traffic-plugin-8-3-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "WordPress WP Visitor Statistics (Real Time Traffic) plugin \u003c= 8.3 - Cross Site Scripting (XSS) vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-67983",
"datePublished": "2025-12-16T08:12:58.563Z",
"dateReserved": "2025-12-15T10:00:33.670Z",
"dateUpdated": "2025-12-17T20:38:43.036Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-49400 (GCVE-0-2025-49400)
Vulnerability from cvelistv5 – Published: 2025-08-20 08:03 – Updated: 2025-08-20 18:06
VLAI?
Title
WordPress WP Visitor Statistics (Real Time Traffic) Plugin <= 8.2 - Cross Site Scripting (XSS) Vulnerability
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in osama.esh WP Visitor Statistics (Real Time Traffic) allows Stored XSS. This issue affects WP Visitor Statistics (Real Time Traffic): from n/a through 8.2.
Severity ?
6.5 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| osama.esh | WP Visitor Statistics (Real Time Traffic) |
Affected:
n/a , ≤ 8.2
(custom)
|
Credits
Peter Thaleikis (Patchstack Alliance)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49400",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-20T18:06:33.204899Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T18:06:44.033Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wp-stats-manager",
"product": "WP Visitor Statistics (Real Time Traffic)",
"vendor": "osama.esh",
"versions": [
{
"changes": [
{
"at": "8.3",
"status": "unaffected"
}
],
"lessThanOrEqual": "8.2",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Peter Thaleikis (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eImproper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in osama.esh WP Visitor Statistics (Real Time Traffic) allows Stored XSS.\u003c/p\u003e\u003cp\u003eThis issue affects WP Visitor Statistics (Real Time Traffic): from n/a through 8.2.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in osama.esh WP Visitor Statistics (Real Time Traffic) allows Stored XSS. This issue affects WP Visitor Statistics (Real Time Traffic): from n/a through 8.2."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T08:03:49.869Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/plugin/wp-stats-manager/vulnerability/wordpress-wp-visitor-statistics-real-time-traffic-plugin-8-2-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress WP Visitor Statistics (Real Time Traffic) plugin to the latest available version (at least 8.3)."
}
],
"value": "Update the WordPress WP Visitor Statistics (Real Time Traffic) plugin to the latest available version (at least 8.3)."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress WP Visitor Statistics (Real Time Traffic) Plugin \u003c= 8.2 - Cross Site Scripting (XSS) Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-49400",
"datePublished": "2025-08-20T08:03:49.869Z",
"dateReserved": "2025-06-04T15:44:03.662Z",
"dateUpdated": "2025-08-20T18:06:44.033Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53566 (GCVE-0-2025-53566)
Vulnerability from cvelistv5 – Published: 2025-07-04 08:42 – Updated: 2025-07-08 14:19
VLAI?
Title
WordPress WP Visitor Statistics (Real Time Traffic) plugin <= 7.8 - Cross Site Scripting (XSS) Vulnerability
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in osama.esh WP Visitor Statistics (Real Time Traffic) allows Stored XSS. This issue affects WP Visitor Statistics (Real Time Traffic): from n/a through 7.8.
Severity ?
6.5 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| osama.esh | WP Visitor Statistics (Real Time Traffic) |
Affected:
n/a , ≤ 7.8
(custom)
|
Credits
muhammad yudha (Patchstack Alliance)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53566",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-08T14:18:58.619953Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T14:19:05.721Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wp-stats-manager",
"product": "WP Visitor Statistics (Real Time Traffic)",
"vendor": "osama.esh",
"versions": [
{
"changes": [
{
"at": "7.9",
"status": "unaffected"
}
],
"lessThanOrEqual": "7.8",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "muhammad yudha (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eImproper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in osama.esh WP Visitor Statistics (Real Time Traffic) allows Stored XSS.\u003c/p\u003e\u003cp\u003eThis issue affects WP Visitor Statistics (Real Time Traffic): from n/a through 7.8.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in osama.esh WP Visitor Statistics (Real Time Traffic) allows Stored XSS. This issue affects WP Visitor Statistics (Real Time Traffic): from n/a through 7.8."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-04T08:42:00.471Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/plugin/wp-stats-manager/vulnerability/wordpress-wp-visitor-statistics-real-time-traffic-plugin-7-8-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress WP Visitor Statistics (Real Time Traffic) plugin to the latest available version (at least 7.9)."
}
],
"value": "Update the WordPress WP Visitor Statistics (Real Time Traffic) plugin to the latest available version (at least 7.9)."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress WP Visitor Statistics (Real Time Traffic) plugin \u003c= 7.8 - Cross Site Scripting (XSS) Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-53566",
"datePublished": "2025-07-04T08:42:00.471Z",
"dateReserved": "2025-07-03T14:50:56.330Z",
"dateUpdated": "2025-07-08T14:19:05.721Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49996 (GCVE-0-2025-49996)
Vulnerability from cvelistv5 – Published: 2025-06-20 15:04 – Updated: 2025-06-23 15:30
VLAI?
Title
WordPress WP Visitor Statistics (Real Time Traffic) plugin <= 7.8 - Broken Access Control Vulnerability
Summary
Missing Authorization vulnerability in osama.esh WP Visitor Statistics (Real Time Traffic) allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP Visitor Statistics (Real Time Traffic): from n/a through 7.8.
Severity ?
5.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| osama.esh | WP Visitor Statistics (Real Time Traffic) |
Affected:
n/a , ≤ 7.8
(custom)
|
Credits
Trương Hữu Phúc (truonghuuphuc) (Patchstack Alliance)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49996",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-23T15:30:35.717049Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T15:30:40.992Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wp-stats-manager",
"product": "WP Visitor Statistics (Real Time Traffic)",
"vendor": "osama.esh",
"versions": [
{
"lessThanOrEqual": "7.8",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac (truonghuuphuc) (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMissing Authorization vulnerability in osama.esh WP Visitor Statistics (Real Time Traffic) allows Accessing Functionality Not Properly Constrained by ACLs.\u003c/p\u003e\u003cp\u003eThis issue affects WP Visitor Statistics (Real Time Traffic): from n/a through 7.8.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in osama.esh WP Visitor Statistics (Real Time Traffic) allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP Visitor Statistics (Real Time Traffic): from n/a through 7.8."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-20T15:04:06.330Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/plugin/wp-stats-manager/vulnerability/wordpress-wp-visitor-statistics-real-time-traffic-plugin-7-8-broken-access-control-vulnerability?_s_id=cve"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress WP Visitor Statistics (Real Time Traffic) plugin \u003c= 7.8 - Broken Access Control Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-49996",
"datePublished": "2025-06-20T15:04:06.330Z",
"dateReserved": "2025-06-11T16:08:03.195Z",
"dateUpdated": "2025-06-23T15:30:40.992Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}