Wp Statistics
CVE-2022-38074
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
Lifecycle Timeline
1DescriptionCVE.org
SQL Injection vulnerability in VeronaLabs WP Statistics plugin <= 13.2.10 versions.
AnalysisAI
SQL Injection vulnerability in VeronaLabs WP Statistics plugin <= 13.2.10 versions. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. SQL Injection vulnerability in VeronaLabs WP Statistics plugin <= 13.2.10 versions. Affected products include: Veronalabs Wp Statistics.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.
More in Wp Statistics
View allThe WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of t
An issue was discovered in the VeronaLabs wp-statistics plugin before 12.6.7 for WordPress. Rated critical severity (CVS
The WP Statistics WordPress plugin before 14.0 does not escape a parameter, which could allow authenticated users to per
The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of t
The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of t
The WP Statistics WordPress plugin before 13.0.8 relied on using the WordPress esc_sql() function on a field not delimit
The WP Statistics WordPress plugin before 13.2.2 does not sanitise the REQUEST_URI parameter before outputting it back i
The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization o
The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization o
The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization o
WordPress version 4.8 + contains a Cross Site Scripting (XSS) vulnerability in plugins.php or core wordpress on delete f
The WP Statistics plugin through 12.6.5 for Wordpress has stored XSS in includes/class-wp-statistics-pages.php. Rated me
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today