Veronalabs

Wp Statistics

22 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2022-25307

Exploit
  • EPSS 1.16%
  • Veröffentlicht 24.02.2022 19:15:10
  • Zuletzt bearbeitet 21.11.2024 06:51:58

The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the platform parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers to inject arbitrary web ...

6.1

CVE-2022-25305

Exploit
  • EPSS 3.93%
  • Veröffentlicht 24.02.2022 19:15:10
  • Zuletzt bearbeitet 21.11.2024 06:51:57

The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the IP parameter found in the ~/includes/class-wp-statistics-ip.php file which allows attackers to inject arbitrary web scripts ...

7.5

CVE-2022-25149

Exploit
  • EPSS 73.38%
  • Veröffentlicht 24.02.2022 19:15:10
  • Zuletzt bearbeitet 21.11.2024 06:51:41

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the IP parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject ...

5

CVE-2022-25148

Exploit
  • EPSS 48.46%
  • Veröffentlicht 24.02.2022 19:15:10
  • Zuletzt bearbeitet 21.11.2024 06:51:41

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_id parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authenticati...

7.5

CVE-2022-0651

Exploit
  • EPSS 66.9%
  • Veröffentlicht 24.02.2022 19:15:09
  • Zuletzt bearbeitet 21.11.2024 06:39:06

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_type parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentica...

7.5

CVE-2022-0513

Exploit
  • EPSS 30.45%
  • Veröffentlicht 16.02.2022 17:15:11
  • Zuletzt bearbeitet 21.11.2024 06:38:48

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the exclusion_reason parameter found in the ~/includes/class-wp-statistics-exclusion.php file which allows attackers without authen...

7.5

CVE-2021-24340

Exploit
  • EPSS 83.26%
  • Veröffentlicht 07.06.2021 11:15:16
  • Zuletzt bearbeitet 21.11.2024 05:52:52

The WP Statistics WordPress plugin before 13.0.8 relied on using the WordPress esc_sql() function on a field not delimited by quotes and did not first prepare the query. Additionally, the page, which should have been accessible to administrator only,...

9.8

CVE-2017-18515

  • EPSS 7.86%
  • Veröffentlicht 14.08.2019 14:15:14
  • Zuletzt bearbeitet 21.11.2024 03:20:17

The wp-statistics plugin before 12.0.8 for WordPress has SQL injection.

9.8

CVE-2019-13275

Exploit
  • EPSS 1.26%
  • Veröffentlicht 04.07.2019 19:15:10
  • Zuletzt bearbeitet 21.11.2024 04:24:36

An issue was discovered in the VeronaLabs wp-statistics plugin before 12.6.7 for WordPress. The v1/hit endpoint of the API, when the non-default "use cache plugin" setting is enabled, is vulnerable to unauthenticated blind SQL Injection.

5.4

CVE-2019-12566

Exploit
  • EPSS 0.33%
  • Veröffentlicht 03.06.2019 00:29:00
  • Zuletzt bearbeitet 21.11.2024 04:23:06

The WP Statistics plugin through 12.6.5 for Wordpress has stored XSS in includes/class-wp-statistics-pages.php. This is related to an account with the Editor role creating a post with a title that contains JavaScript, to attack an admin user.