21 matches found
CVE-2026-22850
Koko Analytics is an open-source analytics plugin for WordPress. Versions prior to 2.1.3 are vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import. Unauthenticated visitors can submit arbitrary path pa and referrer r values to the public...
WordPress Koko Analytics plugin <= 2.1.2 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Hector Ruiz Ruiz in WordPress Plugin Koko Analytics versions = 2.1.2...
CVE-2026-22850
Koko Analytics is an open-source analytics plugin for WordPress. Versions prior to 2.1.3 are vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import. Unauthenticated visitors can submit arbitrary path pa and referrer r values to the public...
CVE-2026-22850 Koko Analytics vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import
Koko Analytics is an open-source analytics plugin for WordPress. Versions prior to 2.1.3 are vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import. Unauthenticated visitors can submit arbitrary path pa and referrer r values to the public...
CVE-2026-22850 Koko Analytics vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import
Koko Analytics is an open-source analytics plugin for WordPress. Versions prior to 2.1.3 are vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import. Unauthenticated visitors can submit arbitrary path pa and referrer r values to the public...
CVE-2026-22850
Koko Analytics is an open-source analytics plugin for WordPress. Versions prior to 2.1.3 are vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import. Unauthenticated visitors can submit arbitrary path pa and referrer r values to the public...
CVE-2026-22850 Koko Analytics vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import
Koko Analytics is an open-source analytics plugin for WordPress. Versions prior to 2.1.3 are vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import. Unauthenticated visitors can submit arbitrary path pa and referrer r values to the public...
CVE-2026-22850
Koko Analytics for WordPress (
EUVD-2026-3319
Koko Analytics is an open-source analytics plugin for WordPress. Versions prior to 2.1.3 are vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import. Unauthenticated visitors can submit arbitrary path pa and referrer r values to the public...
WordPress plugin Koko Analytics has a SQL injection vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...
EUVD-2024-49332
Malicious code in bioql PyPI...
CVE-2024-8662
The Koko Analytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.3.12. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...
CVE-2024-8662
The Koko Analytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.3.12. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...
CVE-2024-8662
The Koko Analytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.3.12. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...
CVE-2024-8662 Koko Analytics <= 1.3.12 - Reflected Cross-Site Scripting
The Koko Analytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.3.12. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...
CVE-2024-8662 Koko Analytics <= 1.3.12 - Reflected Cross-Site Scripting
The Koko Analytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.3.12. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...
CVE-2024-8662
CVE-2024-8662: Koko Analytics for WordPress is vulnerable to Reflected Cross-Site Scripting due to insufficient escaping in add_query_arg, affecting all versions up to and including 1.3.12. Unauthenticated attackers can cause script injection when a user is tricked into performing an action (e.g....
WordPress Koko Analytics plugin <= 1.3.12 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Koko Analytics versions = 1.3.12...
WordPress Koko Analytics Plugin <= 1.3.12 is vulnerable to Cross Site Scripting (XSS)
Software Koko Analytics Type Plugin Vulnerable versions = 1.3.12 Fixed in 1.3.13 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8662 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 4c60e9c99099 Credits vgo0 Required...
PT-2024-39160 · WordPress · Koko Analytics
Name of the Vulnerable Software and Affected Versions: Koko Analytics plugin for WordPress versions prior to 1.3.13 Description: The issue arises from the use of add query arg without proper escaping on the URL, allowing unauthenticated attackers to inject arbitrary web scripts in pages. This can...