CVE Catalog

CVE-2026-57629

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.16%

6th percentile — higher than 6% of all known CVEs

Summary

The StatCounter plugin version 2.1.1 and earlier contains a Cross Site Scripting (XSS) vulnerability in the Contributor function. This allows an attacker to inject malicious JavaScript code into the page.

Risk Assessment

The risk involves potential session hijacking, redirection to malicious sites, or theft of sensitive data through script execution in the victim's browser.

Recommendation

It is recommended to immediately update the StatCounter plugin to the latest available version that fixes this vulnerability.

Original NVD description (English source)

Contributor Cross Site Scripting (XSS) in StatCounter <= 2.1.1 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS