Description
WordPress Plugin FireStats is prone to a vulnerability that lets attackers download arbitrary files because the application fails to sufficiently verify user-supplied input. This may allow an attacker to gain access to sensitive information, which may aid in launching further attacks. WordPress Plugin FireStats version 1.6.5 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.6.6 or latest
References
Related Vulnerabilities
MySQL CVE-2015-0498 Vulnerability (CVE-2015-0498)
WordPress Plugin Abandoned Cart Lite for WooCommerce SQL Injection (5.8.1)
Drupal Improper Input Validation Vulnerability (CVE-2019-6339)
WordPress Plugin Polldaddy Polls & Ratings Cross-Site Scripting (2.0.31)
WordPress Plugin XEN Carousel Multiple Cross-Site Scripting Vulnerabilities (0.12.2)