VYPR

Wp Statistics

by WordPress

CVEs (29)

  • CVE-2022-4230 (Jan 23, 2023)
    risk 0.00 cvss epss 0.34

    The WP Statistics WordPress plugin before 13.2.9 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manage_options capability (admin+), however the plugin has a…

  • CVE-2022-27231 (Jun 13, 2022)
    risk 0.00 cvss epss 0.01

    Cross-site scripting vulnerability exists in WP Statistics versions prior to 13.2.0 because it improperly processes a platform parameter. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the website using…

  • CVE-2022-1005 (Jun 6, 2022)
    risk 0.00 cvss epss 0.01

    The WP Statistics WordPress plugin before 13.2.2 does not sanitise the REQUEST_URI parameter before outputting it back in the rendered page, leading to Cross-Site Scripting (XSS) in web browsers which do not encode characters.

  • CVE-2022-25307 (Feb 24, 2022)
    risk 0.00 cvss epss 0.01

    The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the platform parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers to inject arbitrary web scripts onto several pages…

  • CVE-2022-25306 (Feb 24, 2022)
    risk 0.00 cvss epss 0.01

    The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the browser parameter found in the ~/includes/class-wp-statistics-visitor.php file which allows attackers to inject arbitrary web scripts onto several pages…

  • CVE-2017-18515 (Aug 14, 2019)
    risk 0.00 cvss epss 0.03

    The wp-statistics plugin before 12.0.8 for WordPress has SQL injection.

  • CVE-2019-13275 (Jul 4, 2019)
    risk 0.00 cvss epss 0.03

    An issue was discovered in the VeronaLabs wp-statistics plugin before 12.6.7 for WordPress. The v1/hit endpoint of the API, when the non-default "use cache plugin" setting is enabled, is vulnerable to unauthenticated blind SQL Injection.

  • CVE-2019-12566 (Jun 2, 2019)
    risk 0.00 cvss epss 0.01

    The WP Statistics plugin through 12.6.5 for WordPress has stored XSS in includes/class-wp-statistics-pages.php. This is related to an account with the Editor role creating a post with a title that contains JavaScript, to attack an admin user.

  • CVE-2019-10864 (Apr 23, 2019)
    risk 0.00 cvss epss 0.01

    The WP Statistics plugin through 12.6.2 for WordPress has XSS, allowing a remote attacker to inject arbitrary web script or HTML via the Referer header of a GET request.

Page 2 of 2