3 matches found
CVE-2022-4230
The WP Statistics WordPress plugin before 13.2.9 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manageoptions capability admin+, however the plugin has a settings to allow low...
CVE-2022-4230 WP Statistics < 13.2.9 - Authenticated SQLi
The WP Statistics WordPress plugin before 13.2.9 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manageoptions capability admin+, however the plugin has a settings to allow low...
CVE-2022-4230
Affected software: WordPress WP Statistics plugin