WordPress WP Online Users Stats plugin <= 1.0.0 - Authenticated (Editor+) SQL Injection via table_name Parameter vulnerability

Authenticated Editor+ SQL Injection via tablename Parameter vulnerability discovered by rajanhoyr in WordPress Plugin WP Online Users Stats versions = 1.0.0...

EUVD-2025-10759

Malicious code in bioql PyPI...

EUVD-2022-47670

Malicious code in bioql PyPI...

CVE-2025-4966

The WP Online Users Stats plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation within the hkdatasetresults function. This makes it possible for unauthenticated attackers to inject malicious web script...

CVE-2025-4964

The WP Online Users Stats plugin for WordPress is vulnerable to time-based SQL Injection via the ‘tablename’ parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...

CVE-2025-4964

The WP Online Users Stats plugin for WordPress is vulnerable to time-based SQL Injection via the ‘tablename’ parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...

CVE-2025-4964 WP Online Users Stats <= 1.0.0 - Authenticated (Editor+) SQL Injection via table_name Parameter

The WP Online Users Stats plugin for WordPress is vulnerable to time-based SQL Injection via the ‘tablename’ parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...

CVE-2025-4964 WP Online Users Stats <= 1.0.0 - Authenticated (Editor+) SQL Injection via table_name Parameter

The WP Online Users Stats plugin for WordPress is vulnerable to time-based SQL Injection via the ‘tablename’ parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...

WordPress plugin WP Online Users Stats SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...

WordPress plugin WP Online Users Stats 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

PT-2025-24032 · WordPress · Wp Online Users Stats

Name of the Vulnerable Software and Affected Versions: WP Online Users Stats plugin for WordPress versions up to, and including, 1.0.0 Description: The issue is related to Cross-Site Request Forgery due to missing nonce validation within the hk dataset results function. This allows unauthenticate...

PT-2025-24031 · WordPress · Wp Online Users Stats

Name of the Vulnerable Software and Affected Versions: WP Online Users Stats plugin for WordPress versions up to and including 1.0.0 Description: The issue allows authenticated attackers with Editor-level access or higher to inject additional SQL queries into existing ones, potentially extracting...

CVE-2022-44738

Improper Neutralization of Formula Elements in a CSV File vulnerability in Patrick Robrecht Posts and Users Stats.This issue affects Posts and Users Stats: from n/a through 1.1.3...

CVE-2025-32603

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in HK WP Online Users Stats wp-online-users-stats allows Blind SQL Injection.This issue affects WP Online Users Stats: from n/a through = 1.0.0...

CVE-2025-32603

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in HK WP Online Users Stats wp-online-users-stats allows Blind SQL Injection.This issue affects WP Online Users Stats: from n/a through = 1.0.0...

CVE-2025-32603 WordPress WP Online Users Stats plugin <= 1.0.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in HK WP Online Users Stats wp-online-users-stats allows Blind SQL Injection.This issue affects WP Online Users Stats: from n/a through = 1.0.0...

CVE-2025-32603

CVE-2025-32603 describes an unauthenticated SQL Injection in the WordPress plugin WP Online Users Stats (affected: 1.0.0 and earlier). The CVSSv3.1 base score is 9.3 (CRITICAL) with network attack vector, low attack complexity, and no user interaction. Impact indicators: High confidentiality impa...

CVE-2025-32603 WordPress WP Online Users Stats plugin <= 1.0.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in HK WP Online Users Stats allows Blind SQL Injection. This issue affects WP Online Users Stats: from n/a through 1.0.0...

WordPress plugin WP Online Users Stats SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...

PT-2025-16083 · WordPress · Wp Online Users Stats

Name of the Vulnerable Software and Affected Versions: WP Online Users Stats versions prior to 1.0.0 Description: The issue is related to the improper neutralization of special elements used in an SQL command, allowing for Blind SQL Injection. This can be exploited through API endpoints, although...