Wp Statistics
by WordPress
CVEs (29)
| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2022-4230 | 0.00 | — | 0.34 | Jan 23, 2023 | The WP Statistics WordPress plugin before 13.2.9 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manage_options capability (admin+), however the plugin has a… |
| CVE-2022-27231 | 0.00 | — | 0.01 | Jun 13, 2022 | Cross-site scripting vulnerability exists in WP Statistics versions prior to 13.2.0 because it improperly processes a platform parameter. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the website using… |
| CVE-2022-1005 | 0.00 | — | 0.01 | Jun 6, 2022 | The WP Statistics WordPress plugin before 13.2.2 does not sanitise the REQUEST_URI parameter before outputting it back in the rendered page, leading to Cross-Site Scripting (XSS) in web browsers which do not encode characters |
| CVE-2022-25307 | 0.00 | — | 0.01 | Feb 24, 2022 | The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the platform parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers to inject arbitrary web scripts onto several pages… |
| CVE-2022-25306 | 0.00 | — | 0.01 | Feb 24, 2022 | The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the browser parameter found in the ~/includes/class-wp-statistics-visitor.php file which allows attackers to inject arbitrary web scripts onto several pages… |
| CVE-2017-18515 | 0.00 | — | 0.03 | Aug 14, 2019 | The wp-statistics plugin before 12.0.8 for WordPress has SQL injection. |
| CVE-2019-13275 | 0.00 | — | 0.03 | Jul 4, 2019 | An issue was discovered in the VeronaLabs wp-statistics plugin before 12.6.7 for WordPress. The v1/hit endpoint of the API, when the non-default "use cache plugin" setting is enabled, is vulnerable to unauthenticated blind SQL Injection. |
| CVE-2019-12566 | 0.00 | — | 0.01 | Jun 2, 2019 | The WP Statistics plugin through 12.6.5 for Wordpress has stored XSS in includes/class-wp-statistics-pages.php. This is related to an account with the Editor role creating a post with a title that contains JavaScript, to attack an admin user. |
| CVE-2019-10864 | 0.00 | — | 0.01 | Apr 23, 2019 | The WP Statistics plugin through 12.6.2 for WordPress has XSS, allowing a remote attacker to inject arbitrary web script or HTML via the Referer header of a GET request. |