Lucene search
K
VeronalabsWp Statistics

19 matches found

CVE
CVE
added 2021/06/07 10:49 a.m.219 views

CVE-2021-24340

The WordPress WP Statistics plugin (versions prior to 13.0.8) is affected by an unauthenticated time-based blind SQL injection. Root cause: the plugin used esc_sql() on a field not delimited by quotes and did not first prepare the query, with an admin page exposed to unauthenticated visitors. Imp...

7.5CVSS7.6AI score0.29776EPSS
Web
CVE
CVE
added 2019/07/04 6:51 p.m.195 views

CVE-2019-13275

The CVE-2019-13275 issue affects VeronaLabs wp-statistics plugin for WordPress up to version 12.6.7, where the v1/hit endpoint is vulnerable to unauthenticated blind SQL Injection when the non-default “use cache plugin” setting is enabled. Multiple connected sources (NVD, Red Hat, OSV, CNVD, etc....

9.8CVSS9.6AI score0.02605EPSS
Web
CVE
CVE
added 2022/02/24 12:0 a.m.141 views

CVE-2022-25148

CVE-2022-25148 (WP Statistics

9.8CVSS9AI score0.81363EPSS
Web
CVE
CVE
added 2022/02/24 6:27 p.m.118 views

CVE-2022-0651

The CVE-2022-0651 issue affects the WordPress plugin WP Statistics (versions up to 13.1.5). A SQL injection flaw exists in the current_page_type parameter, due to insufficient escaping/parameterization in the file ~/includes/class-wp-statistics-hits.php, enabling unauthenticated attackers to inje...

9.8CVSS8AI score0.3298EPSS
Web
CVE
CVE
added 2022/02/24 6:27 p.m.117 views

CVE-2022-25149

Affected software: WordPress plugin WP Statistics (versions up to 13.1.5). Component/entry point: SQL injection via improper escaping/parameterization of the IP parameter in ~/includes/class-wp-statistics-hits.php. Impact: Unauthenticated attackers can inject arbitrary SQL to obtain sensitive inf...

9.8CVSS8AI score0.77956EPSS
Web
CVE
CVE
added 2022/02/16 4:38 p.m.96 views

CVE-2022-0513

The CVE-2022-0513 issue affects the WordPress WP Statistics plugin (VeronaLabs) up to version 13.1.4, where the exclusion_reason parameter in includes/class-wp-statistics-exclusion.php is insufficiently escaped/parameterized, enabling unauthenticated SQL injection when the vulnerable site has the...

9.8CVSS7.9AI score0.5346EPSS
Web
CVE
CVE
added 2022/02/24 6:27 p.m.96 views

CVE-2022-25306

The CVE-2022-25306 entry concerns the WordPress WP Statistics plugin. Data from connected docs confirms a Cross-Site Scripting (XSS) vulnerability caused by insufficient escaping/sanitization of the browser parameter in ~/includes/class-wp-statistics-visitor.php, exploitable on pages that display...

7.2CVSS6.1AI score0.01357EPSS
Web
CVE
CVE
added 2023/01/23 2:31 p.m.95 views

CVE-2022-4230

Affected software: WordPress WP Statistics plugin

8.8CVSS8.9AI score0.35679EPSS
Web
CVE
CVE
added 2023/03/27 3:37 p.m.95 views

CVE-2023-0955

CVE-2023-0955 affects the WordPress WP Statistics plugin prior to version 14.0. The vulnerability is an SQL injection caused by a parameter not being escaped, with impact described as potentially affecting confidentiality, integrity, and availability. It is exploitable by authenticated users, wit...

8.8CVSS8.9AI score0.00898EPSS
Web
CVE
CVE
added 2022/02/24 6:27 p.m.94 views

CVE-2022-25307

The CVE-2022-25307 entry concerns the WordPress WP Statistics plugin (versions up to 13.1.5) with a Cross-Site Scripting vulnerability caused by insufficient escaping and sanitization of the platform parameter in ~/includes/class-wp-statistics-hits.php. This allows an attacker to inject arbitrary...

7.2CVSS6AI score0.01357EPSS
Web
CVE
CVE
added 2022/02/24 6:27 p.m.90 views

CVE-2022-25305

CVE-2022-25305 affects the WordPress WP Statistics plugin (versions up to 13.1.5). The vulnerability is an unauthenticated stored XSS via the IP parameter in the file includes/class-wp-statistics-ip.php, enabling attackers to inject scripts that execute when site administrators view statistics. P...

7.2CVSS6AI score0.78905EPSS
CVE
CVE
added 2019/06/02 11:34 p.m.85 views

CVE-2019-12566

The CVE-2019-12566 entry concerns the WordPress WP Statistics plugin (versions up to 12.6.5). The vulnerability is an authenticated stored cross-site scripting (XSS) flaw in includes/class-wp-statistics-pages.php, exploitable when an Editor creates a post whose title contains JavaScript, with the...

5.4CVSS5.2AI score0.01109EPSS
CVE
CVE
added 2022/06/06 8:50 a.m.77 views

CVE-2022-1005

CVE-2022-1005 affects the WordPress WP Statistics plugin prior to version 13.2.2. The root cause is failure to sanitize the REQUEST_URI parameter before echoing it in the rendered page, enabling Cross-Site Scripting (XSS) in browsers that do not encode characters. Impact is XSS in affected plugin...

6.1CVSS6AI score0.00857EPSS
Web
CVE
CVE
added 2019/04/23 5:42 p.m.73 views

CVE-2019-10864

CVE-2019-10864 affects the WordPress WP Statistics plugin (up to version 12.6.2; referenced in multiple sources up to 12.6.3). The vulnerability is a cross-site scripting (XSS) flaw that allows a remote attacker to inject arbitrary web script or HTML via the Referer header on a GET request. The O...

6.1CVSS6.2AI score0.01391EPSS
CVE
CVE
added 2022/06/13 4:50 a.m.73 views

CVE-2022-27231

CVE-2022-27231 — WP Statistics (WordPress plugin) A cross-site scripting (XSS) vulnerability exists in WP Statistics versions prior to 13.2.0, caused by improper processing of a platform parameter. Exploitation could allow an arbitrary script to run in the web browser of a user who is logged in t...

6.1CVSS6.1AI score0.00969EPSS
CVE
CVE
added 2019/08/14 1:27 p.m.66 views

CVE-2017-18515

CVE-2017-18515 affects the WordPress WP Statistics plugin prior to version 12.0.8, exposing an SQL injection vulnerability in that plugin (VendorFix remediation). NVD, Red Hat and OpenVAS references document the issue with CVSS/impact details and indicate upgrading to 12.0.8+ as the fix.

9.8CVSS9.9AI score0.02529EPSS
CVE
CVE
added 2023/03/13 1:43 p.m.52 views

CVE-2022-38074

CVE-2022-38074 relates to a SQL Injection vulnerability in VeronaLabs WP Statistics plugin for WordPress (versions

8.8CVSS9.1AI score0.00731EPSS
CVE
CVE
added 2018/06/26 4:0 p.m.50 views

CVE-2018-1000556

CVE-2018-1000556 affects WordPress version 4.8+ and describes a Cross Site Scripting (XSS) vulnerability in the implementation of the delete operation in plugins.php or core WordPress. The underlying issue enables an attacker to perform client-side attacks (e.g., cookie theft or code execution) b...

6.1CVSS6.2AI score0.00707EPSS
CVE
CVE
added 2023/03/07 2:53 p.m.41 views

CVE-2021-4333

The CVE-2021-4333 issue affects the WordPress WP Statistics plugin (versions up to 13.1.1;

6.5CVSS6.1AI score0.00375EPSS