Lucene search
K

8 matches found

CVE
CVE
added 2021/06/07 10:49 a.m.222 views

CVE-2021-24340

The WordPress WP Statistics plugin (versions prior to 13.0.8) is affected by an unauthenticated time-based blind SQL injection. Root cause: the plugin used esc_sql() on a field not delimited by quotes and did not first prepare the query, with an admin page exposed to unauthenticated visitors. Imp...

7.5CVSS7.6AI score0.29776EPSS
CVE
CVE
added 2023/03/27 3:37 p.m.97 views

CVE-2023-0955

CVE-2023-0955 affects the WordPress WP Statistics plugin prior to version 14.0. The vulnerability is an SQL injection caused by a parameter not being escaped, with impact described as potentially affecting confidentiality, integrity, and availability. It is exploitable by authenticated users, wit...

8.8CVSS8.9AI score0.00898EPSS
CVE
CVE
added 2023/01/23 2:31 p.m.96 views

CVE-2022-4230

Affected software: WordPress WP Statistics plugin

8.8CVSS8.9AI score0.35679EPSS
CVE
CVE
added 2022/06/06 8:50 a.m.77 views

CVE-2022-1005

CVE-2022-1005 affects the WordPress WP Statistics plugin prior to version 13.2.2. The root cause is failure to sanitize the REQUEST_URI parameter before echoing it in the rendered page, enabling Cross-Site Scripting (XSS) in browsers that do not encode characters. Impact is XSS in affected plugin...

6.1CVSS6AI score0.00857EPSS
CVE
CVE
added 2022/06/13 4:50 a.m.76 views

CVE-2022-27231

CVE-2022-27231 — WP Statistics (WordPress plugin) A cross-site scripting (XSS) vulnerability exists in WP Statistics versions prior to 13.2.0, caused by improper processing of a platform parameter. Exploitation could allow an arbitrary script to run in the web browser of a user who is logged in t...

6.1CVSS6.1AI score0.00969EPSS
CVE
CVE
added 2019/08/14 1:27 p.m.70 views

CVE-2017-18515

CVE-2017-18515 affects the WordPress WP Statistics plugin prior to version 12.0.8, exposing an SQL injection vulnerability in that plugin (VendorFix remediation). NVD, Red Hat and OpenVAS references document the issue with CVSS/impact details and indicate upgrading to 12.0.8+ as the fix.

9.8CVSS9.9AI score0.02529EPSS
CVE
CVE
added 2018/06/26 4:0 p.m.53 views

CVE-2018-1000556

CVE-2018-1000556 affects WordPress version 4.8+ and describes a Cross Site Scripting (XSS) vulnerability in the implementation of the delete operation in plugins.php or core WordPress. The underlying issue enables an attacker to perform client-side attacks (e.g., cookie theft or code execution) b...

6.1CVSS6.2AI score0.00707EPSS
CVE
CVE
added 2023/03/13 1:43 p.m.53 views

CVE-2022-38074

CVE-2022-38074 relates to a SQL Injection vulnerability in VeronaLabs WP Statistics plugin for WordPress (versions

8.8CVSS9.1AI score0.00731EPSS