Veronalabs

Wp Statistics

25 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2022-27231

  • EPSS 0.96%
  • Veröffentlicht 13.06.2022 05:15:11
  • Zuletzt bearbeitet 21.11.2024 06:55:27

Cross-site scripting vulnerability exists in WP Statistics versions prior to 13.2.0 because it improperly processes a platform parameter. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logg...

6.1

CVE-2022-1005

Exploit
  • EPSS 0.86%
  • Veröffentlicht 08.06.2022 10:15:09
  • Zuletzt bearbeitet 21.11.2024 06:39:50

The WP Statistics WordPress plugin before 13.2.2 does not sanitise the REQUEST_URI parameter before outputting it back in the rendered page, leading to Cross-Site Scripting (XSS) in web browsers which do not encode characters

6.1

CVE-2022-25307

Exploit
  • EPSS 1.36%
  • Veröffentlicht 24.02.2022 19:15:10
  • Zuletzt bearbeitet 21.11.2024 06:51:58

The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the platform parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers to inject arbitrary web ...

6.1

CVE-2022-25306

Exploit
  • EPSS 1.36%
  • Veröffentlicht 24.02.2022 19:15:10
  • Zuletzt bearbeitet 21.11.2024 06:51:57

The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the browser parameter found in the ~/includes/class-wp-statistics-visitor.php file which allows attackers to inject arbitrary we...

6.1

CVE-2022-25305

Exploit
  • EPSS 81.16%
  • Veröffentlicht 24.02.2022 19:15:10
  • Zuletzt bearbeitet 21.11.2024 06:51:57

The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the IP parameter found in the ~/includes/class-wp-statistics-ip.php file which allows attackers to inject arbitrary web scripts ...

7.5

CVE-2022-25149

Exploit
  • EPSS 77.96%
  • Veröffentlicht 24.02.2022 19:15:10
  • Zuletzt bearbeitet 21.11.2024 06:51:41

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the IP parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject ...

5

CVE-2022-25148

Exploit
  • EPSS 81.36%
  • Veröffentlicht 24.02.2022 19:15:10
  • Zuletzt bearbeitet 21.11.2024 06:51:41

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_id parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authenticati...

7.5

CVE-2022-0651

Exploit
  • EPSS 32.98%
  • Veröffentlicht 24.02.2022 19:15:09
  • Zuletzt bearbeitet 21.11.2024 06:39:06

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_type parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentica...

7.5

CVE-2022-0513

Exploit
  • EPSS 53.61%
  • Veröffentlicht 16.02.2022 17:15:11
  • Zuletzt bearbeitet 21.11.2024 06:38:48

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the exclusion_reason parameter found in the ~/includes/class-wp-statistics-exclusion.php file which allows attackers without authen...

7.5

CVE-2021-24340

Exploit
  • EPSS 26.93%
  • Veröffentlicht 07.06.2021 11:15:16
  • Zuletzt bearbeitet 21.11.2024 05:52:52

The WP Statistics WordPress plugin before 13.0.8 relied on using the WordPress esc_sql() function on a field not delimited by quotes and did not first prepare the query. Additionally, the page, which should have been accessible to administrator only,...