Ghostwire

CVE-2022-50945: WordPress 3dady real-time web stats plugin 1.0 contains a stored cross-site scripting vulnerability that allows...

MEDIUM CVSS 6.4 Exploit Available

Published: May 10, 2026 | Last Modified: May 10, 2026

Description

WordPress 3dady real-time web stats plugin 1.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by exploiting unsanitized input fields. Attackers can insert JavaScript payloads in the dady_input_text or dady2_input_text fields via the plugin options panel to execute arbitrary code when the page is viewed.

Ghostwire Analysis — What This Means Practically

Medium CVSS score indicates moderate risk — exploitation requires specific conditions or results in limited impact.
Exploit code is reported to be available, increasing the likelihood of active exploitation.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

CVE-2022-50945: WordPress 3dady real-time web stats plugin 1.0 contains a stored cross-site scripting vulnerability that allows...

Description

Ghostwire Analysis — What This Means Practically

Security Coverage (1 articles)

References