Browse all 3 CVE security advisories affecting osamaesh. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Osamaesh is a web application primarily used for content management and e-commerce platforms. Historically, it has been susceptible to remote code execution, cross-site scripting (XSS), and privilege escalation vulnerabilities, often stemming from insufficient input validation and insecure authentication mechanisms. The application's modular architecture has contributed to recurring security flaws, with three CVEs documented to date. While no major public incidents have been widely reported, the consistent pattern of vulnerabilities suggests potential risks for unpatched deployments. Security researchers have noted that timely updates and proper configuration are critical to mitigating the identified weaknesses in this widely deployed content management solution.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-4303 | WP Visitor Statistics (Real Time Traffic) <= 8.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'height' Shortcode Attribute — WP Visitor Statistics (Real Time Traffic)CWE-79 | 6.4 | Medium | 2026-04-08 |
| CVE-2024-24867 | WordPress WP Stats Manager plugin <= 6.9.4 - Sensitive Data Exposure vulnerability — WP Visitor Statistics (Real Time Traffic)CWE-200 | 5.3 | Medium | 2024-03-17 |
| CVE-2022-33965 | WordPress WP Visitor Statistics plugin <= 5.7 - Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities — WP Visitor Statistics (WordPress plugin)CWE-89 | 9.3 | Critical | 2022-07-25 |
This page lists every published CVE security advisory associated with osamaesh. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.