19 matches found
CVE-2021-24340
The WordPress WP Statistics plugin (versions prior to 13.0.8) is affected by an unauthenticated time-based blind SQL injection. Root cause: the plugin used esc_sql() on a field not delimited by quotes and did not first prepare the query, with an admin page exposed to unauthenticated visitors. Imp...
CVE-2019-13275
The CVE-2019-13275 issue affects VeronaLabs wp-statistics plugin for WordPress up to version 12.6.7, where the v1/hit endpoint is vulnerable to unauthenticated blind SQL Injection when the non-default “use cache plugin” setting is enabled. Multiple connected sources (NVD, Red Hat, OSV, CNVD, etc....
CVE-2022-25148
CVE-2022-25148 (WP Statistics
CVE-2022-0651
The CVE-2022-0651 issue affects the WordPress plugin WP Statistics (versions up to 13.1.5). A SQL injection flaw exists in the current_page_type parameter, due to insufficient escaping/parameterization in the file ~/includes/class-wp-statistics-hits.php, enabling unauthenticated attackers to inje...
CVE-2022-25149
Affected software: WordPress plugin WP Statistics (versions up to 13.1.5). Component/entry point: SQL injection via improper escaping/parameterization of the IP parameter in ~/includes/class-wp-statistics-hits.php. Impact: Unauthenticated attackers can inject arbitrary SQL to obtain sensitive inf...
CVE-2022-0513
The CVE-2022-0513 issue affects the WordPress WP Statistics plugin (VeronaLabs) up to version 13.1.4, where the exclusion_reason parameter in includes/class-wp-statistics-exclusion.php is insufficiently escaped/parameterized, enabling unauthenticated SQL injection when the vulnerable site has the...
CVE-2022-25306
The CVE-2022-25306 entry concerns the WordPress WP Statistics plugin. Data from connected docs confirms a Cross-Site Scripting (XSS) vulnerability caused by insufficient escaping/sanitization of the browser parameter in ~/includes/class-wp-statistics-visitor.php, exploitable on pages that display...
CVE-2022-4230
Affected software: WordPress WP Statistics plugin
CVE-2023-0955
CVE-2023-0955 affects the WordPress WP Statistics plugin prior to version 14.0. The vulnerability is an SQL injection caused by a parameter not being escaped, with impact described as potentially affecting confidentiality, integrity, and availability. It is exploitable by authenticated users, wit...
CVE-2022-25307
The CVE-2022-25307 entry concerns the WordPress WP Statistics plugin (versions up to 13.1.5) with a Cross-Site Scripting vulnerability caused by insufficient escaping and sanitization of the platform parameter in ~/includes/class-wp-statistics-hits.php. This allows an attacker to inject arbitrary...
CVE-2022-25305
CVE-2022-25305 affects the WordPress WP Statistics plugin (versions up to 13.1.5). The vulnerability is an unauthenticated stored XSS via the IP parameter in the file includes/class-wp-statistics-ip.php, enabling attackers to inject scripts that execute when site administrators view statistics. P...
CVE-2019-12566
The CVE-2019-12566 entry concerns the WordPress WP Statistics plugin (versions up to 12.6.5). The vulnerability is an authenticated stored cross-site scripting (XSS) flaw in includes/class-wp-statistics-pages.php, exploitable when an Editor creates a post whose title contains JavaScript, with the...
CVE-2022-1005
CVE-2022-1005 affects the WordPress WP Statistics plugin prior to version 13.2.2. The root cause is failure to sanitize the REQUEST_URI parameter before echoing it in the rendered page, enabling Cross-Site Scripting (XSS) in browsers that do not encode characters. Impact is XSS in affected plugin...
CVE-2019-10864
CVE-2019-10864 affects the WordPress WP Statistics plugin (up to version 12.6.2; referenced in multiple sources up to 12.6.3). The vulnerability is a cross-site scripting (XSS) flaw that allows a remote attacker to inject arbitrary web script or HTML via the Referer header on a GET request. The O...
CVE-2022-27231
CVE-2022-27231 — WP Statistics (WordPress plugin) A cross-site scripting (XSS) vulnerability exists in WP Statistics versions prior to 13.2.0, caused by improper processing of a platform parameter. Exploitation could allow an arbitrary script to run in the web browser of a user who is logged in t...
CVE-2017-18515
CVE-2017-18515 affects the WordPress WP Statistics plugin prior to version 12.0.8, exposing an SQL injection vulnerability in that plugin (VendorFix remediation). NVD, Red Hat and OpenVAS references document the issue with CVSS/impact details and indicate upgrading to 12.0.8+ as the fix.
CVE-2022-38074
CVE-2022-38074 relates to a SQL Injection vulnerability in VeronaLabs WP Statistics plugin for WordPress (versions
CVE-2018-1000556
CVE-2018-1000556 affects WordPress version 4.8+ and describes a Cross Site Scripting (XSS) vulnerability in the implementation of the delete operation in plugins.php or core WordPress. The underlying issue enables an attacker to perform client-side attacks (e.g., cookie theft or code execution) b...
CVE-2021-4333
The CVE-2021-4333 issue affects the WordPress WP Statistics plugin (versions up to 13.1.1;