Wp Statistics@* Security Vulnerabilities and Issues — Wp Statistics@* CVE List

Lucene search

VeronalabsWp Statistics*

9 matches found

CVE•added 2022/02/24 7:15 p.m.•99 views

CVE-2022-25148

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_id parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sens...

9.8CVSS9AI score0.54671EPSS

CVE•added 2022/02/24 7:15 p.m.•95 views

CVE-2022-25149

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the IP parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive informa...

9.8CVSS8AI score0.75797EPSS

CVE•added 2022/02/24 7:15 p.m.•91 views

CVE-2022-0651

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_type parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain se...

9.8CVSS8AI score0.48505EPSS

CVE•added 2022/02/16 5:15 p.m.•83 views

CVE-2022-0513

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the exclusion_reason parameter found in the ~/includes/class-wp-statistics-exclusion.php file which allows attackers without authentication to inject arbitrary SQL queries to obtai...

9.8CVSS7.9AI score0.31433EPSS

CVE•added 2022/02/24 7:15 p.m.•80 views

CVE-2022-25306

The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the browser parameter found in the ~/includes/class-wp-statistics-visitor.php file which allows attackers to inject arbitrary web scripts onto several pages that execute when si...

7.2CVSS6.1AI score0.01102EPSS

CVE•added 2022/02/24 7:15 p.m.•73 views

CVE-2022-25305

The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the IP parameter found in the ~/includes/class-wp-statistics-ip.php file which allows attackers to inject arbitrary web scripts onto several pages that execute when site adminis...

7.2CVSS6AI score0.08238EPSS

CVE•added 2022/02/24 7:15 p.m.•72 views

CVE-2022-25307

The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the platform parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers to inject arbitrary web scripts onto several pages that execute when site...

7.2CVSS6AI score0.01102EPSS

CVE•added 2022/06/08 10:15 a.m.•60 views

CVE-2022-1005

The WP Statistics WordPress plugin before 13.2.2 does not sanitise the REQUEST_URI parameter before outputting it back in the rendered page, leading to Cross-Site Scripting (XSS) in web browsers which do not encode characters

6.1CVSS6AI score0.00317EPSS

CVE•added 2022/06/13 5:15 a.m.•58 views

CVE-2022-27231

Cross-site scripting vulnerability exists in WP Statistics versions prior to 13.2.0 because it improperly processes a platform parameter. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the website using the product.

6.1CVSS6.1AI score0.00291EPSS