VYPR

Koko Analytics

by Ibericode

Source repositories

CVEs (2)

  • CVE-2026-22850Jan 19, 2026
    risk 0.00cvss epss 0.00

    Koko Analytics is an open-source analytics plugin for WordPress. Versions prior to 2.1.3 are vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import. Unauthenticated visitors can submit arbitrary path (`pa`) and referrer…

  • CVE-2024-8662Sep 24, 2024
    risk 0.00cvss epss 0.00

    The Koko Analytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3.12. This makes it possible for unauthenticated attackers to inject arbitrary…