VYPR

Wp Statistics

by Wp Statistics

CVEs (15)

  • CVE-2022-25148 | Critical | Feb 24, 2022
    risk 0.73 | cvss 9.8 | epss 0.81

    The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_id parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL…

  • CVE-2022-25149 | Critical | Feb 24, 2022
    risk 0.70 | cvss 9.8 | epss 0.78

    The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the IP parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to…

  • CVE-2022-0651 | Critical | Feb 24, 2022
    risk 0.66 | cvss 9.8 | epss 0.33

    The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_type parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL…

  • CVE-2022-25305 | High | Feb 24, 2022
    risk 0.53 | cvss 7.2 | epss 0.81

    The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the IP parameter found in the ~/includes/class-wp-statistics-ip.php file which allows attackers to inject arbitrary web scripts onto several pages that…

  • CVE-2022-25307 | High | Feb 24, 2022
    risk 0.47 | cvss 7.2 | epss 0.01

    The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the platform parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers to inject arbitrary web scripts onto several pages…

  • CVE-2022-25306 | High | Feb 24, 2022
    risk 0.47 | cvss 7.2 | epss 0.01

    The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the browser parameter found in the ~/includes/class-wp-statistics-visitor.php file which allows attackers to inject arbitrary web scripts onto several pages…

  • CVE-2026-5231 | High | Apr 17, 2026
    risk 0.40 | cvss 7.2 | epss 0.00

    The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'utm_source' parameter in all versions up to, and including, 14.16.4. This is due to insufficient input sanitization and output escaping. The plugin's referral parser copies the raw…

  • CVE-2018-1000556 | Medium | Jun 26, 2018
    risk 0.40 | cvss 6.1 | epss 0.01

    WordPress version 4.8+ contains a Cross Site Scripting (XSS) vulnerability in plugins.php or core WordPress on the delete function that can result in an attacker performing client-side attacks, which could range from stealing a cookie to code injection. This attack appears to be…

  • CVE-2017-10991 | Medium | Jul 7, 2017
    risk 0.40 | cvss 6.1 | epss 0.01

    The WP Statistics plugin through 12.0.9 for WordPress has XSS in the rangestart and rangeend parameters on the wps_referrers_page page.

  • CVE-2017-2147 | Medium | Apr 28, 2017
    risk 0.40 | cvss 6.1 | epss 0.01

    Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2017-2136 | Medium | Apr 28, 2017
    risk 0.40 | cvss 6.1 | epss 0.03

    Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers.

  • CVE-2017-2135 | Medium | Apr 28, 2017
    risk 0.40 | cvss 6.1 | epss 0.02

    Cross-site scripting vulnerability in WP Statistics version 12.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2025-3953 | Medium | Apr 30, 2025
    risk 0.28 | cvss 5.4 | epss 0.00

    The WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'optionUpdater' function in all versions up to, and including, 14.13.3. This makes it…

  • CVE-2008-6294 | Feb 26, 2009
    risk 0.03 | cvss | epss 0.03

    admin/Index.php in Acc Statistics 1.1 allows remote attackers to bypass authentication and gain administrative access by setting the username_cookie cookie to "admin".

  • CVE-2019-10864 | Medium | Apr 23, 2019
    risk 0.00 | cvss 6.1 | epss 0.01

    The WP Statistics plugin through 12.6.2 for WordPress has XSS, allowing a remote attacker to inject arbitrary web script or HTML via the Referer header of a GET request.