219 matches found
Sql injection
SQL Injection vulnerability in VeronaLabs WP Statistics plugin = 13.2.10 versions...
CVE-2022-38074
CVE-2022-38074 relates to a SQL Injection vulnerability in VeronaLabs WP Statistics plugin for WordPress (versions
CVE-2022-38074 WordPress WP Statistics Plugin <= 13.2.10 is vulnerable to SQL Injection
SQL Injection vulnerability in VeronaLabs WP Statistics plugin = 13.2.10 versions...
WordPress plugin WP Statistics SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin WP...
CVE-2021-4333
The WP Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 13.1.1. This is due to missing or incorrect nonce validation on the view function. This makes it possible for unauthenticated attackers to activate and deactivate arbitrary plugins...
CVE-2021-4333
The CVE-2021-4333 issue affects the WordPress WP Statistics plugin (versions up to 13.1.1;
CVE-2021-4333 WP Statistics <= 13.1.1 - Cross-Site Request Forgery to Arbitrary Plugin Activation and Deactivation
The WP Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 13.1.1. This is due to missing or incorrect nonce validation on the view function. This makes it possible for unauthenticated attackers to activate and deactivate arbitrary plugins...
CVE-2021-4333 WP Statistics <= 13.1.1 - Cross-Site Request Forgery to Arbitrary Plugin Activation and Deactivation
The WP Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 13.1.1. This is due to missing or incorrect nonce validation on the view function. This makes it possible for unauthenticated attackers to activate and deactivate arbitrary plugins...
WordPress plugin WP Statistics 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. Cross-site request forgery vulnerabili...
WP Statistics < 14.0 - Authenticated SQLi
The plugin does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manageoptions capability admin+, however the plugin has a settings to allow low privilege users to access it as well. PoC...
WP Statistics < 14.0 - Authenticated SQLi
The plugin does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manageoptions capability admin+, however the plugin has a settings to allow low privilege users to access it as well. Log...
WordPress WP Statistics Plugin <= 13.2.10 is vulnerable to SQL Injection
Software WP Statistics Type Plugin Vulnerable versions = 13.2.10 Fixed in 13.2.11 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2022-38074 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 7a7be43a0e11 Credits Rafie Muhammad Patchstack Required privilege...
WP Statistics < 13.2.11 - Subscriber+ SQLi
The plugin does not properly sanitise and escape some parameters before using them in SQL statements, leading to a SQL injection exploitable by users with a role as low as subscriber...
CVE-2022-4230
The WP Statistics WordPress plugin before 13.2.9 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manageoptions capability admin+, however the plugin has a settings to allow low...
Sql injection
The WP Statistics WordPress plugin before 13.2.9 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manageoptions capability admin+, however the plugin has a settings to allow low...
CVE-2022-4230 WP Statistics < 13.2.9 - Authenticated SQLi
The WP Statistics WordPress plugin before 13.2.9 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manageoptions capability admin+, however the plugin has a settings to allow low...
CVE-2022-4230 WP Statistics < 13.2.9 - Authenticated SQLi
The WP Statistics WordPress plugin before 13.2.9 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manageoptions capability admin+, however the plugin has a settings to allow low...
CVE-2022-4230
Affected software: WordPress WP Statistics plugin
WP Statistics < 13.2.9 - Authenticated SQLi
The plugin does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manageoptions capability admin+, however the plugin has a settings to allow low privilege users to access it as well. PoC...
WordPress WP Statistics Plugin SQL Injection (CVE-2022-0513)
An SQL injection vulnerability exists in WordPress WP Statistics plugin. Successful exploitation of this vulnerability could result in the execution of arbitrary SQL statements on the affected system...