Lucene search

K
VeronalabsWp Statistics

7 matches found

CVE
CVE
added 2019/07/04 7:15 p.m.148 views

CVE-2019-13275

An issue was discovered in the VeronaLabs wp-statistics plugin before 12.6.7 for WordPress. The v1/hit endpoint of the API, when the non-default "use cache plugin" setting is enabled, is vulnerable to unauthenticated blind SQL Injection.

9.8CVSS9.6AI score0.01256EPSS
CVE
CVE
added 2022/02/24 7:15 p.m.100 views

CVE-2022-25148

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_id parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sens...

9.8CVSS9AI score0.54671EPSS
CVE
CVE
added 2022/02/24 7:15 p.m.95 views

CVE-2022-25149

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the IP parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive informa...

9.8CVSS8AI score0.75797EPSS
CVE
CVE
added 2022/02/24 7:15 p.m.91 views

CVE-2022-0651

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_type parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain se...

9.8CVSS8AI score0.48505EPSS
CVE
CVE
added 2022/02/16 5:15 p.m.83 views

CVE-2022-0513

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the exclusion_reason parameter found in the ~/includes/class-wp-statistics-exclusion.php file which allows attackers without authentication to inject arbitrary SQL queries to obtai...

9.8CVSS7.9AI score0.31433EPSS
CVE
CVE
added 2019/08/14 2:15 p.m.52 views

CVE-2017-18515

The wp-statistics plugin before 12.0.8 for WordPress has SQL injection.

9.8CVSS9.9AI score0.07859EPSS
CVE
CVE
added 2023/03/13 2:15 p.m.35 views

CVE-2022-38074

SQL Injection vulnerability in VeronaLabs WP Statistics plugin

9.9CVSS9.1AI score0.00408EPSS