Lucene search
K

219 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-11318

Malware in sbrugna...

6.1CVSS6.2AI score0.01678EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2019-4160

Malware in sbrugna...

5.4CVSS5.5AI score0.01109EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-29990

Malicious code in bioql PyPI...

7.2CVSS6.5AI score0.01357EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-31740

Malicious code in bioql PyPI...

6.1CVSS6.2AI score0.00969EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-40677

Malicious code in bioql PyPI...

9.9CVSS8.6AI score0.00731EPSS
Exploits0References1
NVD
NVD
added 2025/09/27 5:15 a.m.6 views

CVE-2025-9816

The WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the User-Agent Header in all versions up to, and including, 14.5.4 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS0.09051EPSS
Exploits0References2
CVE
CVE
added 2025/09/27 4:26 a.m.29 views

CVE-2025-9816

CVE-2025-9816 : WP Statistics for WordPress is affected by unauthenticated Stored Cross‑Site Scripting via the User‑Agent header in all versions up to 14.5.4. Root cause: insufficient input sanitization and output escaping. Impact: arbitrary script injection executed when users load injected page...

7.2CVSS4.9AI score0.09051EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/09/27 4:26 a.m.14 views

CVE-2025-9816 WP Statistics <= 14.5.4 - Unauthenticated Stored Cross-Site Scripting via User-Agent Header

The WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the User-Agent Header in all versions up to, and including, 14.5.4 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS0.09051EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/09/27 12:0 a.m.6 views

PT-2025-39709

Name of the Vulnerable Software and Affected Versions WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin versions through 14.5.4 Description The software is susceptible to Stored Cross-Site Scripting through the User-Agent Header due to inadequate input sanitization and output...

7.2CVSS5.8AI score0.09051EPSS
Exploits0References9
CVE
CVE
added 2025/08/14 6:21 p.m.20 views

CVE-2025-55716

CVE-2025-55716 concerns the WordPress plugin WP Statistics (versions up to 14.15). The issue is described as a Missing Authorization vulnerability due to incorrectly configured access control levels, enabling unauthorized actions without user interaction. The CVSS 3.1 base metrics indicate a Netw...

4.3CVSS5.9AI score0.00181EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/08/14 2:38 p.m.9 views

WordPress WP Statistics Plugin <= 14.15 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by Denver Jackson in WordPress Plugin WP Statistics versions = 14.15...

4.3CVSS6.7AI score0.00181EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2025/08/14 12:0 a.m.6 views

PT-2025-33403 · WordPress · Wp Statistics

Name of the Vulnerable Software and Affected Versions: WP Statistics versions through 14.15 Description: Missing authorization allows exploiting incorrectly configured access control security levels in WP Statistics. Recommendations: At the moment, there is no information about a newer version th...

4.3CVSS7AI score0.00181EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 12:0 a.m.14 views

CVE-2022-4230

The WP Statistics WordPress plugin before 13.2.9 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manageoptions capability admin+, however the plugin has a settings to allow low...

8.8CVSS7.7AI score0.35679EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:18 p.m.7 views

CVE-2022-1005

The WP Statistics WordPress plugin before 13.2.2 does not sanitise the REQUESTURI parameter before outputting it back in the rendered page, leading to Cross-Site Scripting XSS in web browsers which do not encode characters...

6.1CVSS5.8AI score0.00857EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:21 p.m.12 views

CVE-2021-24340

The WP Statistics WordPress plugin before 13.0.8 relied on using the WordPress escsql function on a field not delimited by quotes and did not first prepare the query. Additionally, the page, which should have been accessible to administrator only, was also available to any visitor, including...

7.5CVSS6.9AI score0.29776EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:1 a.m.10 views

CVE-2017-10991

The WP Statistics plugin through 12.0.9 for WordPress has XSS in the rangestart and rangeend parameters on the wpsreferrerspage page...

6.1CVSS6.2AI score0.0076EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:33 a.m.8 views

CVE-2019-12566

The WP Statistics plugin through 12.6.5 for Wordpress has stored XSS in includes/class-wp-statistics-pages.php. This is related to an account with the Editor role creating a post with a title that contains JavaScript, to attack an admin user...

5.4CVSS5.8AI score0.01109EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/02 6:47 a.m.8 views

CVE-2025-3953

The WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'optionUpdater' function in all versions up to, and including, 14.13.3. This makes it possible for authenticated...

6.5CVSS6.6AI score0.00226EPSS
Exploits0References1
NVD
NVD
added 2025/04/30 6:15 a.m.27 views

CVE-2025-3953

The WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'optionUpdater' function in all versions up to, and including, 14.13.3. This makes it possible for authenticated...

5.4CVSS0.00226EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/04/30 5:23 a.m.4 views

CVE-2025-3953 WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin <= 14.13.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Update

The WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'optionUpdater' function in all versions up to, and including, 14.13.3. This makes it possible for authenticated...

5.4CVSS6.2AI score0.00226EPSS
Exploits0References3
Rows per page
Query Builder