Lucene search
K

219 matches found

Prion
Prion
added 2023/03/13 2:15 p.m.28 views

Sql injection

SQL Injection vulnerability in VeronaLabs WP Statistics plugin = 13.2.10 versions...

6.5CVSS9.1AI score0.00731EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/03/13 1:43 p.m.53 views

CVE-2022-38074

CVE-2022-38074 relates to a SQL Injection vulnerability in VeronaLabs WP Statistics plugin for WordPress (versions

8.8CVSS9.1AI score0.00731EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/03/13 1:43 p.m.41 views

CVE-2022-38074 WordPress WP Statistics Plugin <= 13.2.10 is vulnerable to SQL Injection

SQL Injection vulnerability in VeronaLabs WP Statistics plugin = 13.2.10 versions...

7.1CVSS10AI score0.00731EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/03/13 12:0 a.m.6 views

WordPress plugin WP Statistics SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin WP...

8.8CVSS8.1AI score0.00731EPSS
Exploits0References2
OSV
OSV
added 2023/03/07 3:15 p.m.5 views

CVE-2021-4333

The WP Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 13.1.1. This is due to missing or incorrect nonce validation on the view function. This makes it possible for unauthenticated attackers to activate and deactivate arbitrary plugins...

6.5CVSS5.7AI score0.00375EPSS
Exploits0References2
CVE
CVE
added 2023/03/07 2:53 p.m.42 views

CVE-2021-4333

The CVE-2021-4333 issue affects the WordPress WP Statistics plugin (versions up to 13.1.1;

6.5CVSS6.1AI score0.00375EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/03/07 2:53 p.m.29 views

CVE-2021-4333 WP Statistics <= 13.1.1 - Cross-Site Request Forgery to Arbitrary Plugin Activation and Deactivation

The WP Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 13.1.1. This is due to missing or incorrect nonce validation on the view function. This makes it possible for unauthenticated attackers to activate and deactivate arbitrary plugins...

6.5CVSS6.3AI score0.00375EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/03/07 2:53 p.m.12 views

CVE-2021-4333 WP Statistics <= 13.1.1 - Cross-Site Request Forgery to Arbitrary Plugin Activation and Deactivation

The WP Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 13.1.1. This is due to missing or incorrect nonce validation on the view function. This makes it possible for unauthenticated attackers to activate and deactivate arbitrary plugins...

6.5CVSS6.7AI score0.00375EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/03/07 12:0 a.m.7 views

WordPress plugin WP Statistics 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. Cross-site request forgery vulnerabili...

6.5CVSS6.5AI score0.00375EPSS
Exploits0References3
WPVulnDB
WPVulnDB
added 2023/03/06 12:0 a.m.25 views

WP Statistics < 14.0 - Authenticated SQLi

The plugin does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manageoptions capability admin+, however the plugin has a settings to allow low privilege users to access it as well. PoC...

8.8CVSS8.9AI score0.00898EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2023/03/06 12:0 a.m.123 views

WP Statistics < 14.0 - Authenticated SQLi

The plugin does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manageoptions capability admin+, however the plugin has a settings to allow low privilege users to access it as well. Log...

8.8CVSS9.1AI score0.00898EPSS
Exploits2
Patchstack
Patchstack
added 2023/01/31 12:0 a.m.13 views

WordPress WP Statistics Plugin <= 13.2.10 is vulnerable to SQL Injection

Software WP Statistics Type Plugin Vulnerable versions = 13.2.10 Fixed in 13.2.11 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2022-38074 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 7a7be43a0e11 Credits Rafie Muhammad Patchstack Required privilege...

9.9CVSS6.8AI score0.00731EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2023/01/31 12:0 a.m.26 views

WP Statistics < 13.2.11 - Subscriber+ SQLi

The plugin does not properly sanitise and escape some parameters before using them in SQL statements, leading to a SQL injection exploitable by users with a role as low as subscriber...

9.9CVSS2.9AI score0.00731EPSS
Exploits0Affected Software1
NVD
NVD
added 2023/01/23 3:15 p.m.24 views

CVE-2022-4230

The WP Statistics WordPress plugin before 13.2.9 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manageoptions capability admin+, however the plugin has a settings to allow low...

8.8CVSS8.9AI score0.35679EPSS
Exploits2References1
Prion
Prion
added 2023/01/23 3:15 p.m.18 views

Sql injection

The WP Statistics WordPress plugin before 13.2.9 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manageoptions capability admin+, however the plugin has a settings to allow low...

6.5CVSS8.8AI score0.35679EPSS
Exploits2References1Affected Software1
OSV
OSV
added 2023/01/23 2:31 p.m.21 views

CVE-2022-4230 WP Statistics < 13.2.9 - Authenticated SQLi

The WP Statistics WordPress plugin before 13.2.9 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manageoptions capability admin+, however the plugin has a settings to allow low...

8.8CVSS7.3AI score0.35679EPSS
Exploits2References4
Vulnrichment
Vulnrichment
added 2023/01/23 2:31 p.m.10 views

CVE-2022-4230 WP Statistics < 13.2.9 - Authenticated SQLi

The WP Statistics WordPress plugin before 13.2.9 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manageoptions capability admin+, however the plugin has a settings to allow low...

8AI score0.35679EPSS
Exploits2References1
CVE
CVE
added 2023/01/23 2:31 p.m.96 views

CVE-2022-4230

Affected software: WordPress WP Statistics plugin

8.8CVSS8.9AI score0.35679EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/12/27 12:0 a.m.47 views

WP Statistics < 13.2.9 - Authenticated SQLi

The plugin does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manageoptions capability admin+, however the plugin has a settings to allow low privilege users to access it as well. PoC...

8.8CVSS1AI score0.35679EPSS
Exploits2Affected Software1
Check Point Advisories
Check Point Advisories
added 2022/10/31 12:0 a.m.33 views

WordPress WP Statistics Plugin SQL Injection (CVE-2022-0513)

An SQL injection vulnerability exists in WordPress WP Statistics plugin. Successful exploitation of this vulnerability could result in the execution of arbitrary SQL statements on the affected system...

4.3CVSS3.2AI score0.5346EPSS
Exploits3
Rows per page
Query Builder