CVE Catalog
CVE-2026-57629
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk0.16%
6th percentile — higher than 6% of all known CVEs
Summary
The StatCounter plugin version 2.1.1 and earlier contains a Cross Site Scripting (XSS) vulnerability in the Contributor function. This allows an attacker to inject malicious JavaScript code into the page.
Risk Assessment
The risk involves potential session hijacking, redirection to malicious sites, or theft of sensitive data through script execution in the victim's browser.
Recommendation
It is recommended to immediately update the StatCounter plugin to the latest available version that fixes this vulnerability.
Original NVD description (English source)
Contributor Cross Site Scripting (XSS) in StatCounter <= 2.1.1 versions.

