WordPress Plugin Automattic Stats Referer Field HTML Injection

WordPress Plugin Automattic Stats is prone to an HTML injection vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting this issue may allow an attacker to execute HTML and script code in the context of the affected site to steal cookie-based authentication credentials or to control how the site is rendered to the user other attacks are also possible. WordPress Plugin Automattic Stats version 1.0 is vulnerable other versions may also be affected.