Lucene search
WPScanCVELIST:CVE-2023-0955HistoryMar 27, 2023 - 3:37 p.m.
CVE-2023-0955 WP Statistics < 14.0 - Authenticated SQLi
2023-03-2715:37:29
WPScan
www.cve.org
3
cve-2023-0955
authenticated
sql injection
wp statistics
wordpress
user parameters
EPSS
0.001
Percentile
31.1%
The WP Statistics WordPress plugin before 14.0 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manage_options capability (admin+), however the plugin has a settings to allow low privilege users to access it as well.
CNA Affected
[
{
"vendor": "Unknown",
"product": "WP Statistics",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "14.0"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
prion
prion
Sql injection
2023-03-27 16:15:00
cve
cve
CVE-2023-0955
2023-03-27 16:15:09
wpexploit
wpexploit
WP Statistics < 14.0 - Authenticated SQLi
2023-03-06 00:00:00
nvd
nvd
CVE-2023-0955
2023-03-27 16:15:09
osv
osv
CVE-2023-0955
2023-03-27 16:15:09
wpvulndb
wpvulndb
WP Statistics < 14.0 - Authenticated SQLi
2023-03-06 00:00:00
openvas
openvas
WordPress WP Statistics Plugin < 13.2.11 Multiple SQLi Vulnerabilities
2023-03-10 00:00:00
wordfence
wordfence