Veronalabs

Wp Statistics

24 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2022-1005

Exploit
  • EPSS 0.34%
  • Veröffentlicht 08.06.2022 10:15:09
  • Zuletzt bearbeitet 21.11.2024 06:39:50

The WP Statistics WordPress plugin before 13.2.2 does not sanitise the REQUEST_URI parameter before outputting it back in the rendered page, leading to Cross-Site Scripting (XSS) in web browsers which do not encode characters

6.1

CVE-2022-25307

Exploit
  • EPSS 1.16%
  • Veröffentlicht 24.02.2022 19:15:10
  • Zuletzt bearbeitet 21.11.2024 06:51:58

The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the platform parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers to inject arbitrary web ...

6.1

CVE-2022-25306

Exploit
  • EPSS 1.67%
  • Veröffentlicht 24.02.2022 19:15:10
  • Zuletzt bearbeitet 21.11.2024 06:51:57

The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the browser parameter found in the ~/includes/class-wp-statistics-visitor.php file which allows attackers to inject arbitrary we...

6.1

CVE-2022-25305

Exploit
  • EPSS 7.88%
  • Veröffentlicht 24.02.2022 19:15:10
  • Zuletzt bearbeitet 21.11.2024 06:51:57

The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the IP parameter found in the ~/includes/class-wp-statistics-ip.php file which allows attackers to inject arbitrary web scripts ...

7.5

CVE-2022-25149

Exploit
  • EPSS 76.26%
  • Veröffentlicht 24.02.2022 19:15:10
  • Zuletzt bearbeitet 21.11.2024 06:51:41

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the IP parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject ...

5

CVE-2022-25148

Exploit
  • EPSS 57.76%
  • Veröffentlicht 24.02.2022 19:15:10
  • Zuletzt bearbeitet 21.11.2024 06:51:41

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_id parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authenticati...

7.5

CVE-2022-0651

Exploit
  • EPSS 69.38%
  • Veröffentlicht 24.02.2022 19:15:09
  • Zuletzt bearbeitet 21.11.2024 06:39:06

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_type parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentica...

7.5

CVE-2022-0513

Exploit
  • EPSS 30.45%
  • Veröffentlicht 16.02.2022 17:15:11
  • Zuletzt bearbeitet 21.11.2024 06:38:48

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the exclusion_reason parameter found in the ~/includes/class-wp-statistics-exclusion.php file which allows attackers without authen...

7.5

CVE-2021-24340

Exploit
  • EPSS 83.21%
  • Veröffentlicht 07.06.2021 11:15:16
  • Zuletzt bearbeitet 21.11.2024 05:52:52

The WP Statistics WordPress plugin before 13.0.8 relied on using the WordPress esc_sql() function on a field not delimited by quotes and did not first prepare the query. Additionally, the page, which should have been accessible to administrator only,...

9.8

CVE-2017-18515

  • EPSS 7.86%
  • Veröffentlicht 14.08.2019 14:15:14
  • Zuletzt bearbeitet 21.11.2024 03:20:17

The wp-statistics plugin before 12.0.8 for WordPress has SQL injection.