Report
The WP Statistics plugin through 12.6.2 for WordPress has XSS, allowing a remote attacker to inject arbitrary web script or HTML via the Referer header of a GET request.
Score:6.1
Severity:Medium
Version: 12.6.3
There is a patch available in v12.6.4 and we strongly recommend you update to this version as soon as possible.
