Wp Statistics Security Vulnerabilities and Issues — Wp Statistics CVE List

Lucene search

VeronalabsWp Statistics

7 matches found

CVE•added 2022/02/24 7:15 p.m.•99 views

CVE-2022-25148

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_id parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sens...

9.8CVSS9AI score0.54671EPSS

CVE•added 2022/02/24 7:15 p.m.•95 views

CVE-2022-25149

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the IP parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive informa...

9.8CVSS8AI score0.75797EPSS

CVE•added 2022/02/24 7:15 p.m.•91 views

CVE-2022-0651

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_type parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain se...

9.8CVSS8AI score0.48505EPSS

CVE•added 2022/02/16 5:15 p.m.•83 views

CVE-2022-0513

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the exclusion_reason parameter found in the ~/includes/class-wp-statistics-exclusion.php file which allows attackers without authentication to inject arbitrary SQL queries to obtai...

9.8CVSS7.9AI score0.31433EPSS

CVE•added 2022/02/24 7:15 p.m.•80 views

CVE-2022-25306

The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the browser parameter found in the ~/includes/class-wp-statistics-visitor.php file which allows attackers to inject arbitrary web scripts onto several pages that execute when si...

7.2CVSS6.1AI score0.01102EPSS

CVE•added 2022/02/24 7:15 p.m.•73 views

CVE-2022-25305

The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the IP parameter found in the ~/includes/class-wp-statistics-ip.php file which allows attackers to inject arbitrary web scripts onto several pages that execute when site adminis...

7.2CVSS6AI score0.08238EPSS

CVE•added 2022/02/24 7:15 p.m.•72 views

CVE-2022-25307

The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the platform parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers to inject arbitrary web scripts onto several pages that execute when site...

7.2CVSS6AI score0.01102EPSS