WordPress WP Statistics Plugin < 14.0 is vulnerable to SQL Injection

Software WP Statistics Type Plugin Vulnerable versions 14.0 Fixed in 14.0 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-0955 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 442f3d5af675 Credits Erwan LR WPScan Required privilege Administrator Publish...

CVE-2023-0955

creationtimestamp| type| source ---|---|--- 2023-03-27 20:50:06+00:00| seen| https://t.me/cibsecurity/60805...

CVE-2023-0955 WP Statistics < 14.0 - Authenticated SQLi

The WP Statistics WordPress plugin before 14.0 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manageoptions capability admin+, however the plugin has a settings to allow low...

WordPress WP Statistics Plugin < 13.2.11 Multiple SQLi Vulnerabilities

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:veronalabs:wpstatistics"; ifdescription...