newstatpress_project CVE Vulnerabilities & Metrics

Focus on newstatpress_project vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About newstatpress_project Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with newstatpress_project. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total newstatpress_project CVEs: 10
Earliest CVE date: 27 May 2015, 18:59 UTC
Latest CVE date: 24 Jun 2022, 07:15 UTC

Latest CVE reference: CVE-2017-20094

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical newstatpress_project CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 5.0

Max CVSS: 7.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	2
4.0-6.9	6
7.0-8.9	2
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS newstatpress_project CVEs

These are the five CVEs with the highest CVSS scores for newstatpress_project, sorted by severity first and recency.

CVE-2015-9315 newstatpress_project Published on 14 Aug 2019, 15:15 UTC (CVSS: 7.5)
The newstatpress plugin before 1.0.1 for WordPress has SQL injection.
CVE-2015-9313 newstatpress_project Published on 14 Aug 2019, 15:15 UTC (CVSS: 7.5)
The newstatpress plugin before 1.0.5 for WordPress has SQL injection related to an IMG element.
CVE-2015-4062 newstatpress_project Published on 27 May 2015, 18:59 UTC (CVSS: 6.5)
SQL injection vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the where1 parameter in the nsp_search page to wp-admin/admin.php.
CVE-2022-0206 newstatpress_project Published on 14 Feb 2022, 12:15 UTC (CVSS: 4.3)
The NewStatPress WordPress plugin before 1.3.6 does not properly escape the whatX parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues
CVE-2017-18575 newstatpress_project Published on 22 Aug 2019, 13:15 UTC (CVSS: 4.3)
The newstatpress plugin before 1.2.5 for WordPress has multiple stored XSS issues.

All CVEs for newstatpress_project

CVE-2017-20094 newstatpress_project vulnerability CVSS: 3.5 24 Jun 2022, 07:15 UTC

A vulnerability, which was classified as problematic, has been found in NewStatPress Plugin 1.2.4. This issue affects some unknown processing. The manipulation leads to basic cross site scripting (Persistent). The attack may be initiated remotely. Upgrading to version 1.2.5 is able to address this issue. It is recommended to upgrade the affected component.

CVE-2022-0206 newstatpress_project vulnerability CVSS: 4.3 14 Feb 2022, 12:15 UTC

The NewStatPress WordPress plugin before 1.3.6 does not properly escape the whatX parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues

CVE-2017-18575 newstatpress_project vulnerability CVSS: 4.3 22 Aug 2019, 13:15 UTC

The newstatpress plugin before 1.2.5 for WordPress has multiple stored XSS issues.

CVE-2015-9315 newstatpress_project vulnerability CVSS: 7.5 14 Aug 2019, 15:15 UTC

The newstatpress plugin before 1.0.1 for WordPress has SQL injection.

CVE-2015-9314 newstatpress_project vulnerability CVSS: 4.3 14 Aug 2019, 15:15 UTC

The newstatpress plugin before 1.0.4 for WordPress has XSS related to the Referer header.

CVE-2015-9313 newstatpress_project vulnerability CVSS: 7.5 14 Aug 2019, 15:15 UTC

The newstatpress plugin before 1.0.5 for WordPress has SQL injection related to an IMG element.

CVE-2015-9312 newstatpress_project vulnerability CVSS: 4.3 14 Aug 2019, 15:15 UTC

The newstatpress plugin before 1.0.5 for WordPress has XSS related to an IMG element.

CVE-2015-9311 newstatpress_project vulnerability CVSS: 4.3 14 Aug 2019, 15:15 UTC

The newstatpress plugin before 1.0.6 for WordPress has reflected XSS.

CVE-2015-4063 newstatpress_project vulnerability CVSS: 3.5 27 May 2015, 18:59 UTC

Cross-site scripting (XSS) vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the where1 parameter in the nsp_search page to wp-admin/admin.php.

CVE-2015-4062 newstatpress_project vulnerability CVSS: 6.5 27 May 2015, 18:59 UTC

SQL injection vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the where1 parameter in the nsp_search page to wp-admin/admin.php.