WordPress Visitor Statistics <=5.7 - SQL Injection

WordPress Visitor Statistics plugin through 5.7 contains multiple unauthenticated SQL injection vulnerabilities. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2022-33965 info:...

CVE-2025-67983

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in osama.esh WP Visitor Statistics Real Time Traffic wp-stats-manager allows DOM-Based XSS.This issue affects WP Visitor Statistics Real Time Traffic: from n/a through = 8.3...

CVE-2015-9399

The wp-stats-dashboard plugin through 2.9.4 for WordPress has admin/graphtrend.php type SQL injection...

CVE-2015-10001

The WP-Stats WordPress plugin before 2.52 does not have CSRF check when saving its settings, and did not escape some of them when outputting them, allowing attacker to make logged in high privilege users change them and set Cross-Site Scripting payloads...

CVE-2015-10001

The WP-Stats WordPress plugin before 2.52 does not have CSRF check when saving its settings, and did not escape some of them when outputting them, allowing attacker to make logged in high privilege users change them and set Cross-Site Scripting payloads...

Cross site scripting

The WP-Stats WordPress plugin before 2.52 does not have CSRF check when saving its settings, and did not escape some of them when outputting them, allowing attacker to make logged in high privilege users change them and set Cross-Site Scripting payloads...

CVE-2015-10001 WP-Stats < 2.5.2 - CSRF to Stored Cross-Site Scripting (XSS)

The WP-Stats WordPress plugin before 2.52 does not have CSRF check when saving its settings, and did not escape some of them when outputting them, allowing attacker to make logged in high privilege users change them and set Cross-Site Scripting payloads...

CVE-2015-10001

The CVE-2015-10001 entry concerns the WP-Stats WordPress plugin (pre-2.52). The underlying issue is the absence of CSRF checks when saving settings and incomplete escaping of output, enabling an authenticated, high-privilege user to modify settings and inject Cross-Site Scripting payloads. Affect...

CVE-2015-9399

The wp-stats-dashboard plugin through 2.9.4 for WordPress has admin/graphtrend.php type SQL injection...

Sql injection

The wp-stats-dashboard plugin through 2.9.4 for WordPress has admin/graphtrend.php type SQL injection...

CVE-2015-9399

The vulnerability CVE-2015-9399 affects the WordPress plugin wp-stats-dashboard (versions up to 2.9.4). It is an admin/graph_trend.php SQL injection, described as an authenticated vulnerability (authenticated blind SQL injection in WP‑Stats‑Dashboard

CVE-2015-9399

The wp-stats-dashboard plugin through 2.9.4 for WordPress has admin/graphtrend.php type SQL injection...

WP-Stats-Dashboard <= 2.9.4 - Authenticated Blind SQL Injection

The wp-stats-dashboard WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability...

WordPress WP-Stats plugin has multiple vulnerabilities

WordPress is a blogging platform developed using the PHP language that allows users to set up their own websites on servers that support PHP and MySQL databases. WordPress can also be used as a content management system CMS. HTML injection vulnerability and cross-site scripting vulnerability exis...

WordPress WP-Stats plugin <= 2.51 - Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS)

Cross-Site Request Forgery CSRF leading to Stored Cross-Site Scripting XSS discovered by Sebastian Wolfgang Kraemer in WordPress WP-Stats plugin versions = 2.51. Solution Update the WordPress WP-Stats plugin to the latest available version at least 2.52...

Multiple XSS in WP-Stats-Dashboard

No description provided by source. Reference: http://www.htbridge.ch/advisory/multiplexssinwpstatsdashboard.html Product: WP-Stats-Dashboard Vendor: Dave Ligthart http://www.daveligthart.com Vulnerable Version: 2.6.5.1 and probably prior Tested on: 2.6.5.1 Vendor Notification: 27 July 2011...

WP-Stats-Dashboard 2.6.5.1 Cross Site Scripting

Vulnerability ID: HTB23035 Reference: http://www.htbridge.ch/advisory/multiplexssinwpstatsdashboard.html Product: WP-Stats-Dashboard Vendor: Dave Ligthart http://www.daveligthart.com Vulnerable Version: 2.6.5.1 and probably prior Tested on: 2.6.5.1 Vendor Notification: 27 July 2011 Vulnerability...

WordPress WP Stats Dashboard Plugin 2.6.5.1 - Multiple Cross Site Scripting Vulnerabilities

WP Stats Dashboard plugin is prone to multiple cross-site scripting vulnerabilities that fail to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of an user in the context of the affected site. In this way the attacker can steal cookie-based...

Multiple XSS in WP-Stats-Dashboard

Vulnerability ID: HTB23035 Reference: http://www.htbridge.ch/advisory/multiplexssinwpstatsdashboard.html Product: WP-Stats-Dashboard Vendor: Dave Ligthart http://www.daveligthart.com Vulnerable Version: 2.6.5.1 and probably prior Tested on: 2.6.5.1 Vendor Notification: 27 July 2011 Vulnerability...

WordPress Plugin WP-Stats-Dashboard 2.6.5.1 - Multiple Cross-Site Scripting Vulnerabilities

WordPress Plugin WP-Stats-Dashboard 2.6.5.1 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/49197/info WP-Stats-Dashboard is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may...