29 matches found
PT-2026-43537
The GoStats for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the gostats manage function. This makes it possible for unauthenticated attackers to update the plugin's...
CVE-2025-13513
The Clik stats plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] parameter in all versions up to, and including, 0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2025-13513 Clik stats <= 0.8 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']
The Clik stats plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] parameter in all versions up to, and including, 0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2025-13513
CVE-2025-13513 refers to the WordPress plugin Clik stats, where versions up to and including 0.8 are vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] parameter due to insufficient input sanitization and output escaping. The vulnerability can allow unauthenticated attacker...
Missing Authorization
Overview: org.jenkins-ci.plugins:global-build-stats is a global-build-stats plugin. Affected versions of this package are vulnerable to Missing Authorization via the REST API endpoints, which do not perform permission checks. An attacker can enumerate graph IDs by sending requests with only...
CVE-2025-58459
The CVE concerns Jenkins global-build-stats Plugin, affected versions 322.v22f4db_18e2dd and earlier, which do not perform permission checks in REST API endpoints. This allows attackers with Overall/Read permissions to enumerate graph IDs, indicating a disclosure/enumeration risk without exploita...
CVE-2015-10001
The WP-Stats WordPress plugin before 2.52 does not have a CSRF check when saving its settings, and did not escape some of them when outputting them, allowing an attacker to make logged-in high-privilege users change them and set Cross-Site Scripting payloads...
WordPress plugin WP Show Stats cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
CVE-2024-22289 WordPress Post views Stats plugin <= 1.4.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyberNetikz Post views Stats post-views-stats allows DOM-Based XSS. This issue affects Post views Stats: from n/a through <= 1.4.1...
CVE-2022-44738 WordPress Posts and Users Stats plugin 1.1.3 - CSV Injection vulnerability
A vulnerability in Patrick Robrecht Posts and Users Stats posts-and-users-stats. This issue affects Posts and Users Stats: from n/a through = 1.1.3...
CVE-2023-45005
CVE-2023-45005 affects Castos Seriously Simple Stats plugin for WordPress (versions
CVE-2023-45011
Cross-Site Request Forgery (CSRF) vulnerability in Igor Buyanov WP Power Stats plugin = 2.2.3 versions...
WordPress plugin ExactMetrics cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...
Code injection
A vulnerability was found in Analytics Stats Counter Statistics Plugin 1.2.2.5 and classified as critical. This issue affects some unknown processing. The manipulation leads to code injection. The attack may be initiated remotely...
org.jenkins-ci.plugins:project-build-times (>=1.0 <=1.2.1), org.jenkins-ci.plugins:project-stats-plugin (>=0.1 <=0.4) potentially affected by CVE-2019-10396 via org.jenkins-ci.plugins:dashboard-view (>=2.0 <=2.0.2)
org.jenkins-ci.plugins:dashboard-view MAVEN version =2.0, =1.0, =0.1, =0.4 Source cves: CVE-2019-10396 Source advisory: OSV:GHSA-FV4Q-4H24-23QR...
org.jenkins-ci.plugins:project-build-times (>=1.0 <=1.2.1), org.jenkins-ci.plugins:project-stats-plugin (>=0.1 <=0.4) potentially affected by CVE-2022-27197 via org.jenkins-ci.plugins:dashboard-view (>=2.0 <=2.0.2)
org.jenkins-ci.plugins:dashboard-view MAVEN version =2.0, =1.0, =0.1, =0.4 Source cves: CVE-2022-27197 Source advisory: OSV:GHSA-6FG4-36V7-XV32...
OESA-2021-1437 trafficserver security update
Apache Traffic Server is an OpenSource HTTP / HTTPS / HTTP/2 / QUIC reverse, forward and transparent proxy and cache. Security Fixes: Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server...
UBUNTU-CVE-2021-43082
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the stats-over-http plugin of Apache Traffic Server allows an attacker to overwrite memory. This issue affects Apache Traffic Server 9.1.0...