Lucene search
K

13 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-10759

Malicious code in bioql PyPI...

9.3CVSS9.1AI score0.00505EPSS
Exploits0References2
NVD
NVD
added 2025/06/06 7:15 a.m.10 views

CVE-2025-4964

The WP Online Users Stats plugin for WordPress is vulnerable to time-based SQL Injection via the ‘tablename’ parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...

4.9CVSS0.00315EPSS
Exploits0References3
NVD
NVD
added 2025/06/06 7:15 a.m.9 views

CVE-2025-4966

The WP Online Users Stats plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation within the hkdatasetresults function. This makes it possible for unauthenticated attackers to inject malicious web script...

6.1CVSS0.0014EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/06/06 6:42 a.m.6 views

CVE-2025-4964 WP Online Users Stats <= 1.0.0 - Authenticated (Editor+) SQL Injection via table_name Parameter

The WP Online Users Stats plugin for WordPress is vulnerable to time-based SQL Injection via the ‘tablename’ parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...

4.9CVSS7.6AI score0.00315EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/06/06 6:42 a.m.13 views

CVE-2025-4964 WP Online Users Stats <= 1.0.0 - Authenticated (Editor+) SQL Injection via table_name Parameter

The WP Online Users Stats plugin for WordPress is vulnerable to time-based SQL Injection via the ‘tablename’ parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...

4.9CVSS0.00315EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/06/06 12:0 a.m.7 views

PT-2025-24032 · WordPress · Wp Online Users Stats

Name of the Vulnerable Software and Affected Versions: WP Online Users Stats plugin for WordPress versions up to, and including, 1.0.0 Description: The issue is related to Cross-Site Request Forgery due to missing nonce validation within the hk dataset results function. This allows unauthenticate...

6.1CVSS6AI score0.0014EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/06/06 12:0 a.m.6 views

PT-2025-24031 · WordPress · Wp Online Users Stats

Name of the Vulnerable Software and Affected Versions: WP Online Users Stats plugin for WordPress versions up to and including 1.0.0 Description: The issue allows authenticated attackers with Editor-level access or higher to inject additional SQL queries into existing ones, potentially extracting...

4.9CVSS6.9AI score0.00315EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/04/13 9:35 a.m.30 views

CVE-2025-32603

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in HK WP Online Users Stats wp-online-users-stats allows Blind SQL Injection.This issue affects WP Online Users Stats: from n/a through = 1.0.0...

9.3CVSS7.3AI score0.00505EPSS
Exploits0References1
NVD
NVD
added 2025/04/11 9:15 a.m.11 views

CVE-2025-32603

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in HK WP Online Users Stats wp-online-users-stats allows Blind SQL Injection.This issue affects WP Online Users Stats: from n/a through = 1.0.0...

9.3CVSS0.00505EPSS
Exploits0References1
CVE
CVE
added 2025/04/11 8:42 a.m.60 views

CVE-2025-32603

CVE-2025-32603 describes an unauthenticated SQL Injection in the WordPress plugin WP Online Users Stats (affected: 1.0.0 and earlier). The CVSSv3.1 base score is 9.3 (CRITICAL) with network attack vector, low attack complexity, and no user interaction. Impact indicators: High confidentiality impa...

9.3CVSS7.3AI score0.00505EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/11 8:42 a.m.8 views

CVE-2025-32603 WordPress WP Online Users Stats plugin <= 1.0.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in HK WP Online Users Stats allows Blind SQL Injection. This issue affects WP Online Users Stats: from n/a through 1.0.0...

9.3CVSS9.6AI score0.00505EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/11 8:42 a.m.20 views

CVE-2025-32603 WordPress WP Online Users Stats plugin <= 1.0.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in HK WP Online Users Stats wp-online-users-stats allows Blind SQL Injection.This issue affects WP Online Users Stats: from n/a through = 1.0.0...

9.3CVSS0.00505EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/11 12:0 a.m.8 views

PT-2025-16083 · WordPress · Wp Online Users Stats

Name of the Vulnerable Software and Affected Versions: WP Online Users Stats versions prior to 1.0.0 Description: The issue is related to the improper neutralization of special elements used in an SQL command, allowing for Blind SQL Injection. This can be exploited through API endpoints, although...

9.3CVSS9.6AI score0.00505EPSS
Exploits0References7
Rows per page
Query Builder