CVE-2022-25307

The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the platform parameter found in the /includes/class-wp-statistics-hits.php file which allows attackers to inject arbitrary web scripts onto several pages that execute when sit...

WordPress plugin WP Visitor Statistics 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...

CVE-2024-56250 WordPress Just Writing Statistics plugin <= 4.7 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Greg Ross Just Writing Statistics just-writing-statistics allows SQL Injection.This issue affects Just Writing Statistics: from n/a through = 4.7...

The vulnerability of the WP Statistics plugin in the WordPress content management system allows a hacker to execute cross-site scripting attacks.

The vulnerability of the WP Statistics plugin for the WordPress content management system exists due to the lack of measures taken to protect the website’s structure. Exploiting this vulnerability could allow a malicious actor to execute cross-site scripting XSS attacks...

VulnCheck KEV: CVE-2024-2194

The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL search parameter in all versions up to, and including, 14.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

WordPress Plugin Burst Statistics Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

WordPress Plugin WP Statistics Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2024-0405 Burst Statistics Really Simple Plugins <= 1.5.3 - Authenticated (Editor+) SQL Injection

The Burst Statistics – Privacy-Friendly Analytics for WordPress plugin, version 1.5.3, is vulnerable to Post-Authenticated SQL Injection via multiple JSON parameters in the /wp-json/burst/v1/data/compare endpoint. Affected parameters include 'browser', 'device', 'pageid', 'pageurl', 'platform', a...

CVE-2023-5761

The Burst Statistics – Privacy-Friendly Analytics for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'url' parameter in versions 1.4.0 to 1.4.6.1 free and versions 1.4.0 to 1.5.0 pro due to insufficient escaping on the user supplied parameter and lack of sufficient...

Sql injection

The Burst Statistics – Privacy-Friendly Analytics for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'url' parameter in versions 1.4.0 to 1.4.6.1 free and versions 1.4.0 to 1.5.0 pro due to insufficient escaping on the user supplied parameter and lack of sufficient...

CVE-2023-45605

Cross-Site Request Forgery CSRF vulnerability in Christopher Finke Feed Statistics plugin = 4.1 versions...

CVE-2023-0600

The WP Visitor Statistics Real Time Traffic WordPress plugin before 6.9 does not escape user input which is concatenated to an SQL query, allowing unauthenticated visitors to conduct SQL Injection attacks...

WordPress plugin WP Statistics SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in the...

CVE-2021-4333 WP Statistics <= 13.1.1 - Cross-Site Request Forgery to Arbitrary Plugin Activation and Deactivation

The WP Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 13.1.1. This is due to missing or incorrect nonce validation on the view function. This makes it possible for unauthenticated attackers to activate and deactivate arbitrary plugins...

CVE-2021-4333 WP Statistics <= 13.1.1 - Cross-Site Request Forgery to Arbitrary Plugin Activation and Deactivation

The WP Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 13.1.1. This is due to missing or incorrect nonce validation on the view function. This makes it possible for unauthenticated attackers to activate and deactivate arbitrary plugins...

WordPress plugin The WP Statistics SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in the...

WP Statistics Plugin for WordPress < 12.0.6 Cross-site Scripting

The WordPress WP Statistics Plugin installed on the remote host is affected by a Cross-site Scripting. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...

Cross-Site Request Forgery in Jenkins Cluster Statistics Plugin

A cross-site request forgery CSRF vulnerability in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics...

Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.6 / 2.361.3.4 Multiple Vulnerabilities (CloudBees Security Advisory 2022-11-15)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.6 or 2.x prior to 2.361.3.4. It is, therefore, affected by multiple vulnerabilities including the following: - CVE-2022-38751 on snakeyaml fixed train 2.346.x.0.z BEE-237...

CVE-2022-45398

A cross-site request forgery CSRF vulnerability in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics...