WordPress Plugin WP Statistics: Unauthenticated Stored XSS Under Certain Configurations

The WordPress plugin WP Statistics, which has an active installation base of 500k users, has an unauthenticated stored XSS vulnerability on versions prior to 12.6.7 . This vulnerability can only be exploited under certain configurations—the default settings are not vulnerable.

Source: WordPress Plugin WP Statistics: Unauthenticated Stored XSS Under Certain Configurations