113 matches found
CVE-2026-48839
CVE-2026-48839 affects the WordPress WP Statistics plugin
Exploit for CVE-2026-8181
CVE-2026-8181 — Burst Statistics 3.4.0 – 3.4.1.1 — Authenticat...
Exploit for CVE-2026-8181
CVE-2026-8181 exploit Burst Statistics WordPress Plugin —...
Exploit for CVE-2026-8181
CVE-2026-8181 - Burst Statistics Authentication Bypass Exploit...
Exploit for CVE-2026-8181
EN: Controlled PoC and brief technical notes for authorized secu...
Exploit for CVE-2026-8181
CVE-2026-8181 — Burst Statistics Authentication Bypass to Admi...
CVE-2026-8181 Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover
The Burst Statistics – Privacy-Friendly WordPress Analytics Google Analytics Alternative plugin for WordPress is vulnerable to Authentication Bypass in versions 3.4.0 to 3.4.1.1. This is due to incorrect return-value handling in the ismainwpauthenticated function when validating application...
VulnCheck KEV: CVE-2026-8181
The Burst Statistics – Privacy-Friendly WordPress Analytics Google Analytics Alternative plugin for WordPress is vulnerable to Authentication Bypass in versions 3.4.0 to 3.4.1.1. This is due to incorrect return-value handling in the ismainwpauthenticated function when validating application...
WordPress plugin Burst Statistics – Privacy-Friendly WordPress Analytics 授权问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...
WordPress WP Statistics plugin <= 14.16.4 - Unauthenticated Stored Cross-Site Scripting via 'utm_source' Parameter vulnerability
Unauthenticated Stored Cross-Site Scripting via 'utmsource' Parameter vulnerability discovered by daroo in WordPress Plugin WP Statistics versions = 14.16.4...
CVE-2026-5231
The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'utmsource' parameter in all versions up to, and including, 14.16.4. This is due to insufficient input sanitization and output escaping. The plugin's referral parser copies the raw utmsource value into the...
EUVD-2026-23342
The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'utmsource' parameter in all versions up to, and including, 14.16.4. This is due to insufficient input sanitization and output escaping. The plugin's referral parser copies the raw utmsource value into the...
PT-2026-33392
The WP Statistics plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 14.16.4. This is due to missing capability checks on multiple AJAX handlers including wp statistics get filters, wp statistics getPrivacyStatus, wp statistics updatePrivacyStatus, a...
WordPress plugin WP Statistics 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
VulnCheck KEV: CVE-2026-5231
The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'utmsource' parameter in all versions up to, and including, 14.16.4. This is due to insufficient input sanitization and output escaping. The plugin's referral parser copies the raw utmsource value into the...
WordPress plugin WP Statistics 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2017-18515
The wp-statistics plugin before 12.0.8 for WordPress has SQL injection...
PT-2025-49005
The Clik stats plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $ SERVER'PHP SELF' parameter in all versions up to, and including, 0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...
EUVD-2019-4160
Malware in sbrugna...
EUVD-2017-9631
Malware in sbrugna...