NewStatPress Plugin Vulnerability

MEDIUM (6.4) No Patch (2 days)

Threat Intelligence

Low Risk
EPSS Score: 0.03% chance of exploitation (percentile: 8%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found


What is it?

The NewStatPress plugin is a WordPress extension that displays site statistics and analytics (traffic, engagement and similar metrics). Its nsp_shortcode function does not sufficiently sanitize its input or escape its output, so values passed through the shortcode can be rendered into the page as-is. An attacker who can place the shortcode with crafted attributes in post content can therefore inject arbitrary web script, which executes in the browser of anyone viewing the affected page (stored cross-site scripting, XSS). In WordPress, shortcode attributes are written by whoever authors post content, so this bug class is normally reachable by authenticated users with contributor-level access or higher; the advisory does not state the exact privilege required, so treat any account that can create or edit posts as a potential source.
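The following is an added illustrative example, not code from the NewStatPress plugin or its nsp_shortcode function. It shows the bug class described above in a hypothetical WordPress shortcode handler (the tag stats_demo and the attributes title and class are assumptions for illustration): the vulnerable handler concatenates attribute values straight into HTML, the hardened one escapes each value for the context it lands in. The small stand-ins at the top exist only so the file runs under php-cli outside WordPress; inside WordPress the real functions are already defined and the stand-ins are skipped.

```php
<?php
// Added example: hypothetical shortcode handler, vulnerable form next to the
// hardened form. NOT the NewStatPress plugin's code. The shortcode tag
// 'stats_demo' and the attributes 'title' / 'class' are assumed names.

// Minimal stand-ins so this file runs under php-cli without WordPress loaded.
// Each mirrors the behaviour of the WordPress function it replaces closely
// enough for this demonstration; inside WordPress they are never defined here.
if (!function_exists('shortcode_atts')) {
    function shortcode_atts(array $defaults, $atts) {
        $atts = is_array($atts) ? $atts : [];
        $out = [];
        foreach ($defaults as $key => $default) {
            $out[$key] = array_key_exists($key, $atts) ? $atts[$key] : $default;
        }
        return $out;
    }
}
if (!function_exists('esc_html')) {
    function esc_html($s) { return htmlspecialchars((string) $s, ENT_QUOTES, 'UTF-8'); }
}
if (!function_exists('esc_attr')) {
    function esc_attr($s) { return htmlspecialchars((string) $s, ENT_QUOTES, 'UTF-8'); }
}
if (!function_exists('sanitize_html_class')) {
    function sanitize_html_class($s) { return preg_replace('/[^A-Za-z0-9_-]/', '', (string) $s); }
}

// VULNERABLE: attribute values are concatenated into the markup unescaped.
// This is the pattern behind "insufficient input sanitization and output escaping".
function stats_demo_shortcode_vulnerable($atts) {
    $a = shortcode_atts(['title' => 'Site stats', 'class' => 'nsp-box'], $atts);
    return '<div class="' . $a['class'] . '"><h3>' . $a['title'] . '</h3></div>';
}

// HARDENED: escape for the output context. A value used inside an HTML
// attribute gets esc_attr() (a CSS class additionally gets sanitize_html_class(),
// which allows only [A-Za-z0-9_-]); a value rendered as text gets esc_html().
function stats_demo_shortcode_fixed($atts) {
    $a = shortcode_atts(['title' => 'Site stats', 'class' => 'nsp-box'], $atts);
    return '<div class="' . esc_attr(sanitize_html_class($a['class'])) . '"><h3>'
         . esc_html($a['title']) . '</h3></div>';
}

// Constructed attacker-controlled attributes, as a post author could write them:
//   [stats_demo title='<img src=x onerror=alert(1)>' class='x" onmouseover="alert(1)']
// WordPress's shortcode parser accepts single-quoted values, so a double quote
// inside the class value breaks out of the class="..." attribute in the vulnerable
// output. Note that wp_kses may strip the <img> tag from the title for users
// without the unfiltered_html capability, whereas the class payload contains no
// HTML tag at all and passes content filtering untouched.
$malicious = [
    'title' => '<img src=x onerror=alert(1)>',
    'class' => 'x" onmouseover="alert(1)',
];

echo "vulnerable: " . stats_demo_shortcode_vulnerable($malicious) . "\n";
// -> <div class="x" onmouseover="alert(1)"><h3><img src=x onerror=alert(1)></h3></div>
echo "fixed:      " . stats_demo_shortcode_fixed($malicious) . "\n";
// -> <div class="xonmouseoveralert1"><h3>&lt;img src=x onerror=alert(1)&gt;</h3></div>
```

Run it with `php stats_demo.php`. The point to take from the two outputs is that escaping is context-specific: a value that is safe as text (esc_html) is not automatically safe inside an attribute, and a class attribute should be restricted to the character set a class name can contain rather than merely escaped. When reviewing a shortcode handler, look for every place a value from shortcode_atts() reaches the returned string and check which escaping function, if any, sits in front of it.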

Am I affected?

You're affected if you run NewStatPress on a site where users who are not fully trusted can create or edit post content, since that is how shortcode attributes reach the page. The advisory does not state which versions are affected; the fix section below gives 1.4.4 as the patched release, so treat any earlier version as vulnerable until confirmed.

Affected Products

WordPress.org / NewStatPress

How to fix

To fix this vulnerability, upgrade to NewStatPress version 1.4.4 or later from the official WordPress repository:

https://wordpress.org/plugins/newstatpress/

Alternatively, if an immediate upgrade isn't possible, follow these mitigations:

  • Deactivate NewStatPress, or remove its shortcode from published content, until the upgrade is done; this removes the injection point entirely
  • Restrict who can create or edit post content (contributor and author accounts in particular), since shortcode attributes are author-controlled
  • If the site is not meant to be public (staging, intranet), restrict network access to it; for a public site this is not an option, so rely on the two points above instead
  • Consider a Content-Security-Policy that blocks inline script, which limits what an injected payload can do even if it reaches the page
  • Audit post content and revisions for unexpected uses of the plugin's shortcode, and review plugin activity for suspicious access patterns
  • Monitor for unauthorized plugin changes and updates