Veronalabs

Wp Statistics

25 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.1

CVE-2026-48839

  • EPSS 0.21%
  • Veröffentlicht 01.06.2026 14:43:29
  • Zuletzt bearbeitet 01.06.2026 16:41:55

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP Statistics allows DOM-Based XSS. This issue affects WP Statistics: from n/a through 14.16.6.

7.2

CVE-2026-5231

  • EPSS 0.48%
  • Veröffentlicht 17.04.2026 01:24:37
  • Zuletzt bearbeitet 22.04.2026 20:22:50

The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'utm_source' parameter in all versions up to, and including, 14.16.4. This is due to insufficient input sanitization and output escaping. The plugin's referra...

6.5

CVE-2026-3488

  • EPSS 0.31%
  • Veröffentlicht 17.04.2026 01:24:37
  • Zuletzt bearbeitet 22.04.2026 20:22:50

The WP Statistics plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 14.16.4. This is due to missing capability checks on multiple AJAX handlers including `wp_statistics_get_filters`, `wp_statistics_getP...

7.2

CVE-2025-9816

  • EPSS 9.05%
  • Veröffentlicht 27.09.2025 05:15:30
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the User-Agent Header in all versions up to, and including, 14.5.4 due to insufficient input sanitization and...

4.3

CVE-2025-55716

  • EPSS 0.18%
  • Veröffentlicht 14.08.2025 18:21:23
  • Zuletzt bearbeitet 23.04.2026 15:32:56

Missing Authorization vulnerability in VeronaLabs WP Statistics wp-statistics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Statistics: from n/a through <= 14.15.

5.4

CVE-2025-3953

  • EPSS 0.22%
  • Veröffentlicht 30.04.2025 05:23:09
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'optionUpdater' function in all versions up to, and including, 14....

8.8

CVE-2023-0955

Exploit
  • EPSS 0.9%
  • Veröffentlicht 27.03.2023 16:15:09
  • Zuletzt bearbeitet 19.02.2025 20:15:34

The WP Statistics WordPress plugin before 14.0 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manage_options capability (admin+), ho...

8.8

CVE-2022-38074

  • EPSS 0.73%
  • Veröffentlicht 13.03.2023 14:15:12
  • Zuletzt bearbeitet 28.04.2026 19:18:41

SQL Injection vulnerability in VeronaLabs WP Statistics plugin <= 13.2.10 versions.

6.5

CVE-2021-4333

  • EPSS 0.38%
  • Veröffentlicht 07.03.2023 15:15:10
  • Zuletzt bearbeitet 08.04.2026 17:16:37

The WP Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 13.1.1. This is due to missing or incorrect nonce validation on the view() function. This makes it possible for unauthenticated attac...

8.8

CVE-2022-4230

Exploit
  • EPSS 34.27%
  • Veröffentlicht 23.01.2023 15:15:14
  • Zuletzt bearbeitet 02.04.2025 16:15:23

The WP Statistics WordPress plugin before 13.2.9 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manage_options capability (admin+), ...