2 matches found
CVE-2022-25148
The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the currentpageid parameter found in the /includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain...
PT-2022-17099 · WordPress · Wp Statistics
Name of the Vulnerable Software and Affected Versions: WP Statistics versions up to and including 13.1.5 Description: The issue is related to SQL Injection due to insufficient escaping and parameterization of the current page id parameter found in the /includes/class-wp-statistics-hits.php file...