VYPR

WP Online Users Stats

by WordPress

CVEs (3)

  • CVE-2025-32603CriApr 11, 2025
    risk 0.60cvss 9.3epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in HK WP Online Users Stats wp-online-users-stats allows Blind SQL Injection.This issue affects WP Online Users Stats: from n/a through <= 1.0.0.

  • CVE-2025-4966MedJun 6, 2025
    risk 0.40cvss 6.1epss 0.00

    The WP Online Users Stats plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation within the hk_dataset_results() function. This makes it possible for unauthenticated attackers to…

  • CVE-2025-4964MedJun 6, 2025
    risk 0.32cvss 4.9epss 0.00

    The WP Online Users Stats plugin for WordPress is vulnerable to time-based SQL Injection via the ‘table_name’ parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing…