Veronalabs

Wp Statistics

24 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2026-5231

  • EPSS 0.08%
  • Veröffentlicht 17.04.2026 01:24:37
  • Zuletzt bearbeitet 17.04.2026 02:16:06

The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'utm_source' parameter in all versions up to, and including, 14.16.4. This is due to insufficient input sanitization and output escaping. The plugin's referra...

6.5

CVE-2026-3488

  • EPSS 0.04%
  • Veröffentlicht 17.04.2026 01:24:37
  • Zuletzt bearbeitet 17.04.2026 02:16:05

The WP Statistics plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 14.16.4. This is due to missing capability checks on multiple AJAX handlers including `wp_statistics_get_filters`, `wp_statistics_getP...

7.2

CVE-2025-9816

  • EPSS 0.37%
  • Veröffentlicht 27.09.2025 05:15:30
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the User-Agent Header in all versions up to, and including, 14.5.4 due to insufficient input sanitization and...

4.3

CVE-2025-55716

  • EPSS 0.03%
  • Veröffentlicht 14.08.2025 18:21:23
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Missing Authorization vulnerability in VeronaLabs WP Statistics wp-statistics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Statistics: from n/a through <= 14.15.

5.4

CVE-2025-3953

  • EPSS 0.16%
  • Veröffentlicht 30.04.2025 05:23:09
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'optionUpdater' function in all versions up to, and including, 14....

8.8

CVE-2023-0955

Exploit
  • EPSS 1.49%
  • Veröffentlicht 27.03.2023 16:15:09
  • Zuletzt bearbeitet 19.02.2025 20:15:34

The WP Statistics WordPress plugin before 14.0 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manage_options capability (admin+), ho...

8.8

CVE-2022-38074

  • EPSS 0.98%
  • Veröffentlicht 13.03.2023 14:15:12
  • Zuletzt bearbeitet 21.11.2024 07:15:43

SQL Injection vulnerability in VeronaLabs WP Statistics plugin <= 13.2.10 versions.

6.5

CVE-2021-4333

  • EPSS 0.13%
  • Veröffentlicht 07.03.2023 15:15:10
  • Zuletzt bearbeitet 08.04.2026 17:16:37

The WP Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 13.1.1. This is due to missing or incorrect nonce validation on the view() function. This makes it possible for unauthenticated attac...

8.8

CVE-2022-4230

Exploit
  • EPSS 7.99%
  • Veröffentlicht 23.01.2023 15:15:14
  • Zuletzt bearbeitet 02.04.2025 16:15:23

The WP Statistics WordPress plugin before 13.2.9 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manage_options capability (admin+), ...

6.1

CVE-2022-27231

  • EPSS 0.31%
  • Veröffentlicht 13.06.2022 05:15:11
  • Zuletzt bearbeitet 21.11.2024 06:55:27

Cross-site scripting vulnerability exists in WP Statistics versions prior to 13.2.0 because it improperly processes a platform parameter. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logg...