Veronalabs

Wp Statistics

22 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2025-9816

  • EPSS 0.19%
  • Veröffentlicht 27.09.2025 05:15:30
  • Zuletzt bearbeitet 29.09.2025 19:34:10

The WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the User-Agent Header in all versions up to, and including, 14.5.4 due to insufficient input sanitization and...

4.3

CVE-2025-55716

  • EPSS 0.05%
  • Veröffentlicht 14.08.2025 18:21:23
  • Zuletzt bearbeitet 15.08.2025 13:12:51

Missing Authorization vulnerability in VeronaLabs WP Statistics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Statistics: from n/a through 14.15.

6.5

CVE-2025-3953

  • EPSS 0.04%
  • Veröffentlicht 30.04.2025 05:23:09
  • Zuletzt bearbeitet 02.05.2025 13:53:40

The WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'optionUpdater' function in all versions up to, and including, 14....

8.8

CVE-2023-0955

Exploit
  • EPSS 0.59%
  • Veröffentlicht 27.03.2023 16:15:09
  • Zuletzt bearbeitet 19.02.2025 20:15:34

The WP Statistics WordPress plugin before 14.0 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manage_options capability (admin+), ho...

8.8

CVE-2022-38074

  • EPSS 0.51%
  • Veröffentlicht 13.03.2023 14:15:12
  • Zuletzt bearbeitet 21.11.2024 07:15:43

SQL Injection vulnerability in VeronaLabs WP Statistics plugin <= 13.2.10 versions.

6.5

CVE-2021-4333

  • EPSS 0.07%
  • Veröffentlicht 07.03.2023 15:15:10
  • Zuletzt bearbeitet 21.11.2024 06:37:26

The WP Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 13.1.1. This is due to missing or incorrect nonce validation on the view() function. This makes it possible for unauthenticated attac...

8.8

CVE-2022-4230

Exploit
  • EPSS 21.61%
  • Veröffentlicht 23.01.2023 15:15:14
  • Zuletzt bearbeitet 02.04.2025 16:15:23

The WP Statistics WordPress plugin before 13.2.9 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manage_options capability (admin+), ...

6.1

CVE-2022-27231

  • EPSS 0.31%
  • Veröffentlicht 13.06.2022 05:15:11
  • Zuletzt bearbeitet 21.11.2024 06:55:27

Cross-site scripting vulnerability exists in WP Statistics versions prior to 13.2.0 because it improperly processes a platform parameter. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logg...

6.1

CVE-2022-1005

Exploit
  • EPSS 0.34%
  • Veröffentlicht 08.06.2022 10:15:09
  • Zuletzt bearbeitet 21.11.2024 06:39:50

The WP Statistics WordPress plugin before 13.2.2 does not sanitise the REQUEST_URI parameter before outputting it back in the rendered page, leading to Cross-Site Scripting (XSS) in web browsers which do not encode characters

6.1

CVE-2022-25306

Exploit
  • EPSS 1.16%
  • Veröffentlicht 24.02.2022 19:15:10
  • Zuletzt bearbeitet 21.11.2024 06:51:57

The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the browser parameter found in the ~/includes/class-wp-statistics-visitor.php file which allows attackers to inject arbitrary we...