Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/02/06 2:10 a.m.7 views

CVE-2022-25149

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the IP parameter found in the /includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive...

9.8CVSS7.6AI score0.77956EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2022/02/24 6:27 p.m.12 views

CVE-2022-25149 WP Statistics <= 13.1.5 Unauthenticated Blind SQL Injection via IP

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the IP parameter found in the /includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive...

9.8CVSS9.8AI score0.77956EPSS
Exploits1References3
CVE
CVE
added 2022/02/24 6:27 p.m.120 views

CVE-2022-25149

Affected software: WordPress plugin WP Statistics (versions up to 13.1.5). Component/entry point: SQL injection via improper escaping/parameterization of the IP parameter in ~/includes/class-wp-statistics-hits.php. Impact: Unauthenticated attackers can inject arbitrary SQL to obtain sensitive inf...

9.8CVSS8AI score0.77956EPSS
Exploits1References3Affected Software1
Check Point Advisories
Check Point Advisories
added 2014/05/26 12:0 a.m.162 views

SQL Servers Time-based SQL Injection (CVE-2011-4710; CVE-2019-13978; CVE-2019-16065; CVE-2019-16119; CVE-2019-16383; CVE-2019-16692; CVE-2020-15468; CVE-2020-26518; CVE-2020-29284; CVE-2021-21915; CVE-2021-21916; CVE-2021-21917; CVE-2022-23337; CVE-2022-25149)

SQL injection techniques can allow remote attackers to execute SQL commands on SQL servers. Successful exploitation could allow attacker to disclose confidential information, modify or shut down the database or execute arbitrary code on affected servers...

9CVSS7.4AI score0.77956EPSS
Exploits33
Rows per page
Query Builder