CVE-2023-23880

WordPress ExactMetrics Plugin <= 7.14.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ExactMetrics plugin <= 7.14.1 versions.

We have discovered 91,444 live websites that are affected by CVE-2023-23880.

Affected Software


Product	ExactMetrics
Category	Analytics
Vulnerable Versions	from 0 through 7.14.1
Total Vulnerable Versions	86
Vulnerable Domains	91,444 live websites (36.45% of ExactMetrics install base)

Common Weakness Enumeration

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Distribution by Website Rank

The diagram provides a graphic representation of the correlation between the occurrence of CVE-2023-23880 and the relative popularity of websites

Available Reports

Website List

Details

Published - Aug 8, 2023
Updated - Aug 8, 2023

Credits

Rafie Muhammad (Patchstack) (finder)

CWE

CWE-79

CVE References

CWE References

cwe.mitre.org

Countries

United States	25,536 websites

France	8,285 websites
Germany	5,823 websites
GB	4,928 websites
Italy	4,678 websites
Netherlands	4,302 websites
Japan	3,721 websites
Brazil	2,914 websites
Spain	2,900 websites
Canada	2,324 websites

TLDs

.com	40,283 websites
.org	3,951 websites
.fr	3,775 websites
.nl	3,544 websites
.de	3,118 websites
.it	3,067 websites
.co.uk	2,936 websites
.com.br	2,506 websites
.net	2,254 websites
.pl	1,689 websites

Vulnerable Versions

Vulnerable versions are highlighted in red

Geographical Distribution

The distribution of websites across the globe that are exposed to CVE-2023-23880 through included software libraries and plugins.

References

https://patchstack.com/database/vulnerability/google-analytics-dashboard-for-wp/wordpress-exactmetrics-plugin-7-14-1-cross-site-scripting-xss-vulnerability?_s_id=cve

Websites affected by CVE-2023-23880

Top websites that are affected by CVE-2023-23880. Please click on the "Contact us" button above to get more information.

Domain	Country	Rank
*********.com	United States	,**
*********.com	United States	,**
*********.com	United States	,**
*********.com	United States	,**
**********.com	United States	,**
***************.**************.com	United States	,**
*********.com	United States	,**
*********.com	United States	,**
***************.*******.com	United States	,**
*.*************.com	South Africa	,**

See full domain list