{"id":"CVE-2019-12566","details":"The WP Statistics plugin through 12.6.5 for Wordpress has stored XSS in includes/class-wp-statistics-pages.php. This is related to an account with the Editor role creating a post with a title that contains JavaScript, to attack an admin user.","modified":"2026-03-15T14:03:47.242713Z","published":"2019-06-03T00:29:00.263Z","references":[{"type":"ADVISORY","url":"https://wordpress.org/plugins/wp-statistics/#developers"},{"type":"FIX","url":"https://github.com/wp-statistics/wp-statistics/commit/aec4359975344f75385ae1ec257575d8131d6ec2"},{"type":"FIX","url":"https://github.com/wp-statistics/wp-statistics/issues/271"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/wp-statistics/wp-statistics","events":[{"introduced":"0"},{"last_affected":"75e068813b0ddd6ed8f5204900f86d79de53f869"},{"fixed":"aec4359975344f75385ae1ec257575d8131d6ec2"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"12.6.5"}]}}],"versions":["12.0.10","12.0.11","12.0.12","12.0.12.1","12.0.6","12.0.7","12.0.8","12.0.8.1","12.0.9","12.1.0","12.1.1","12.1.2","12.1.3","12.2","12.3","12.3.1","12.3.2","12.3.3","12.3.4","12.3.5","12.3.6","12.3.6.1","12.3.6.2","12.3.6.4","12.4.0","12.4.1","12.4.3","12.5","12.5.1","12.5.2","12.5.3","12.5.4","12.5.5","12.5.6","12.5.7","12.6","12.6.1","12.6.2","12.6.3","12.6.4","12.6.5"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-12566.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}