CVE-2015-4062 Scanner

Detects the SQL injection (SQLi) vulnerability in the NewStatPress plugin for WordPress, which affects versions before 0.9.9.

Short Info

Level: Medium
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 4 weeks
Scan only one: Domain, IPv4, Subdomain
Toolbox: -

The NewStatPress plugin for WordPress is a tool for website owners to monitor and analyze the visitors to their sites. This plugin allows users to track metrics, including the number of visitors, page views, and search queries performed on their site. With NewStatPress, website owners can gather insights to help optimize their content and marketing efforts.

In June 2015, a vulnerability tracked as CVE-2015-4062 was detected in the NewStatPress plugin. It allowed remote authenticated users to execute arbitrary SQL commands through the "where1" parameter in the "nsp_search" page, in requests to "wp-admin/admin.php". The vulnerability affected NewStatPress versions up to and including 0.9.8.9.

Exploiting CVE-2015-4062 could have serious consequences. Attackers could use it to gain unauthorized access to a website's database, obtain privileged information or sensitive data, or even execute arbitrary code on the server. Such an attack could have grave implications for the security, confidentiality, and integrity of a website and its users.
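For asset owners reviewing their own logs, the request pattern described above can be searched for in web server access logs. The following is an added example, not code from the scanner or the plugin: it assumes combined-format access logs, that "where1" appears in the query string, and that a legitimate "where1" value is a plain identifier; the function name and sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Client IP, request target and status from a combined-format access log line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
# Assumption: a legitimate where1 value is a plain column-style identifier.
SAFE_VALUE_RE = re.compile(r"[A-Za-z0-9_]*")


def suspicious_where1(log_lines):
    """Return (ip, status, decoded where1) for nsp_search requests whose
    where1 value is not a plain identifier."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parsable request line
        url = urlsplit(m.group("target"))
        if not url.path.endswith("/wp-admin/admin.php"):
            continue
        params = parse_qs(url.query, keep_blank_values=True)  # URL-decodes values
        if "nsp_search" not in params.get("page", []):
            continue
        for value in params.get("where1", []):
            if not SAFE_VALUE_RE.fullmatch(value):
                hits.append((m.group("ip"), int(m.group("status")), value))
    return hits


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jun/2015:10:00:00 +0000] "GET /wp-admin/admin.php?page=nsp_search&where1=ip HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jun/2015:10:02:11 +0000] "GET /wp-admin/admin.php?page=nsp_search&where1=ip%27 HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jun/2015:10:02:15 +0000] "GET /wp-admin/admin.php?where1=ip+OR+1%3D1&page=nsp_search HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [01/Jun/2015:10:05:00 +0000] "GET /wp-admin/admin.php?page=other_page&where1=x%27 HTTP/1.1" 200 100 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, status, value in suspicious_where1(SAMPLE_LOG):
        print(f"{ip} status={status} where1={value!r}")
```

A hit is a lead for review rather than proof of compromise; because the flaw requires an authenticated user, the next step is to tie the request to the logged-in account that made it. Requests that carry "where1" in a POST body do not appear in standard access logs and are not covered by this check.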

At s4e.io, our pro features provide a comprehensive and reliable overview of vulnerabilities in your digital assets. With our platform, users can easily and quickly learn about vulnerabilities and threats to their website's security. Our security experts use the latest tools and technologies to uncover potential risks and provide actionable recommendations to prevent attacks and minimize damage in case of a breach. By taking advantage of our pro features, website owners can stay one step ahead of cybercriminals and protect their reputation, business, and customers.
