219 matches found
EUVD-2017-11318
Malware in sbrugna...
EUVD-2019-4160
Malware in sbrugna...
EUVD-2022-29990
Malicious code in bioql PyPI...
EUVD-2022-31740
Malicious code in bioql PyPI...
EUVD-2022-40677
Malicious code in bioql PyPI...
CVE-2025-9816
The WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the User-Agent Header in all versions up to, and including, 14.5.4 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-9816
CVE-2025-9816 : WP Statistics for WordPress is affected by unauthenticated Stored Cross‑Site Scripting via the User‑Agent header in all versions up to 14.5.4. Root cause: insufficient input sanitization and output escaping. Impact: arbitrary script injection executed when users load injected page...
CVE-2025-9816 WP Statistics <= 14.5.4 - Unauthenticated Stored Cross-Site Scripting via User-Agent Header
The WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the User-Agent Header in all versions up to, and including, 14.5.4 due to insufficient input sanitization and output escaping. This makes it possible for...
PT-2025-39709
Name of the Vulnerable Software and Affected Versions WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin versions through 14.5.4 Description The software is susceptible to Stored Cross-Site Scripting through the User-Agent Header due to inadequate input sanitization and output...
CVE-2025-55716
CVE-2025-55716 concerns the WordPress plugin WP Statistics (versions up to 14.15). The issue is described as a Missing Authorization vulnerability due to incorrectly configured access control levels, enabling unauthorized actions without user interaction. The CVSS 3.1 base metrics indicate a Netw...
WordPress WP Statistics Plugin <= 14.15 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Denver Jackson in WordPress Plugin WP Statistics versions = 14.15...
PT-2025-33403 · WordPress · Wp Statistics
Name of the Vulnerable Software and Affected Versions: WP Statistics versions through 14.15 Description: Missing authorization allows exploiting incorrectly configured access control security levels in WP Statistics. Recommendations: At the moment, there is no information about a newer version th...
CVE-2022-4230
The WP Statistics WordPress plugin before 13.2.9 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manageoptions capability admin+, however the plugin has a settings to allow low...
CVE-2022-1005
The WP Statistics WordPress plugin before 13.2.2 does not sanitise the REQUESTURI parameter before outputting it back in the rendered page, leading to Cross-Site Scripting XSS in web browsers which do not encode characters...
CVE-2021-24340
The WP Statistics WordPress plugin before 13.0.8 relied on using the WordPress escsql function on a field not delimited by quotes and did not first prepare the query. Additionally, the page, which should have been accessible to administrator only, was also available to any visitor, including...
CVE-2017-10991
The WP Statistics plugin through 12.0.9 for WordPress has XSS in the rangestart and rangeend parameters on the wpsreferrerspage page...
CVE-2019-12566
The WP Statistics plugin through 12.6.5 for Wordpress has stored XSS in includes/class-wp-statistics-pages.php. This is related to an account with the Editor role creating a post with a title that contains JavaScript, to attack an admin user...
CVE-2025-3953
The WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'optionUpdater' function in all versions up to, and including, 14.13.3. This makes it possible for authenticated...
CVE-2025-3953
The WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'optionUpdater' function in all versions up to, and including, 14.13.3. This makes it possible for authenticated...
CVE-2025-3953 WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin <= 14.13.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Update
The WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'optionUpdater' function in all versions up to, and including, 14.13.3. This makes it possible for authenticated...