Skip to main content

Wp Statistics

20 CVEs product

Monthly

CVE-2023-0955 HIGH POC This Week

The WP Statistics WordPress plugin before 14.0 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Wp Statistics
NVD WPScan
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-38074 HIGH This Week

SQL Injection vulnerability in VeronaLabs WP Statistics plugin <= 13.2.10 versions. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Wp Statistics
NVD
CVSS 3.1
7.1
EPSS
1.0%
CVE-2021-4333 MEDIUM PATCH This Month

The WP Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 13.1.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Wp Statistics
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2022-27231 MEDIUM This Month

Cross-site scripting vulnerability exists in WP Statistics versions prior to 13.2.0 because it improperly processes a platform parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wp Statistics
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2022-1005 MEDIUM POC This Month

The WP Statistics WordPress plugin before 13.2.2 does not sanitise the REQUEST_URI parameter before outputting it back in the rendered page, leading to Cross-Site Scripting (XSS) in web browsers. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Statistics
NVD WPScan
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-25307 MEDIUM POC PATCH This Month

The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the platform parameter found in the ~/includes/class-wp-statistics-hits.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS WordPress Wp Statistics
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2022-25306 MEDIUM POC PATCH This Month

The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the browser parameter found in the ~/includes/class-wp-statistics-visitor.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS WordPress Wp Statistics
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2022-25305 MEDIUM POC PATCH THREAT This Month

The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the IP parameter found in the ~/includes/class-wp-statistics-ip.php file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS WordPress Wp Statistics
NVD GitHub
CVSS 3.1
6.1
EPSS
78.9%
CVE-2022-25149 HIGH POC PATCH THREAT This Week

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the IP parameter found in the ~/includes/class-wp-statistics-hits.php file which. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP SQLi WordPress Wp Statistics
NVD GitHub
CVSS 3.1
7.5
EPSS
78.0%
CVE-2022-25148 CRITICAL POC PATCH THREAT Act Now

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_id parameter found in the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP SQLi WordPress Wp Statistics
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
80.9%
CVE-2022-0651 HIGH POC PATCH THREAT This Week

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_type parameter found in the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP SQLi WordPress Wp Statistics
NVD GitHub
CVSS 3.1
7.5
EPSS
33.0%
CVE-2021-24340 HIGH POC THREAT This Week

The WP Statistics WordPress plugin before 13.0.8 relied on using the WordPress esc_sql() function on a field not delimited by quotes and did not first prepare the query. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Wp Statistics
NVD WPScan
CVSS 3.1
7.5
EPSS
29.8%
CVE-2019-13275 CRITICAL POC PATCH Act Now

An issue was discovered in the VeronaLabs wp-statistics plugin before 12.6.7 for WordPress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi WordPress Wp Statistics
NVD GitHub
CVSS 3.0
9.8
EPSS
2.6%
CVE-2019-12566 MEDIUM POC PATCH This Month

The WP Statistics plugin through 12.6.5 for Wordpress has stored XSS in includes/class-wp-statistics-pages.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress PHP Wp Statistics
NVD GitHub
CVSS 3.0
5.4
EPSS
1.1%
CVE-2019-10864 MEDIUM PATCH This Month

The WP Statistics plugin through 12.6.2 for WordPress has XSS, allowing a remote attacker to inject arbitrary web script or HTML via the Referer header of a GET request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Wp Statistics
NVD GitHub
CVSS 3.0
6.1
EPSS
1.4%
CVE-2018-1000556 MEDIUM POC This Month

WordPress version 4.8 + contains a Cross Site Scripting (XSS) vulnerability in plugins.php or core wordpress on delete function that can result in An attacker can perform client side attacks which. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Wp Statistics
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2017-10991 MEDIUM This Month

The WP Statistics plugin through 12.0.9 for WordPress has XSS in the rangestart and rangeend parameters on the wps_referrers_page page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Wp Statistics
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-2147 MEDIUM This Month

Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wp Statistics
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-2136 MEDIUM This Month

Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wp Statistics
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2017-2135 MEDIUM This Month

Cross-site scripting vulnerability in WP Statistics version 12.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wp Statistics
NVD
CVSS 3.0
6.1
EPSS
0.3%
EPSS 1% CVSS 8.8
HIGH POC This Week

The WP Statistics WordPress plugin before 14.0 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Wp Statistics
NVD WPScan
EPSS 1% CVSS 7.1
HIGH This Week

SQL Injection vulnerability in VeronaLabs WP Statistics plugin <= 13.2.10 versions. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Wp Statistics
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

The WP Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 13.1.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Wp Statistics
NVD VulDB
EPSS 1% CVSS 6.1
MEDIUM This Month

Cross-site scripting vulnerability exists in WP Statistics versions prior to 13.2.0 because it improperly processes a platform parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wp Statistics
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

The WP Statistics WordPress plugin before 13.2.2 does not sanitise the REQUEST_URI parameter before outputting it back in the rendered page, leading to Cross-Site Scripting (XSS) in web browsers. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Statistics
NVD WPScan
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the platform parameter found in the ~/includes/class-wp-statistics-hits.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS WordPress +1
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the browser parameter found in the ~/includes/class-wp-statistics-visitor.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS WordPress +1
NVD GitHub
EPSS 79% CVSS 6.1
MEDIUM POC PATCH THREAT This Month

The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the IP parameter found in the ~/includes/class-wp-statistics-ip.php file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS WordPress +1
NVD GitHub
EPSS 78% CVSS 7.5
HIGH POC PATCH THREAT This Week

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the IP parameter found in the ~/includes/class-wp-statistics-hits.php file which. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP SQLi WordPress +1
NVD GitHub
EPSS 81% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_id parameter found in the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP SQLi WordPress +1
NVD GitHub Exploit-DB
EPSS 33% CVSS 7.5
HIGH POC PATCH THREAT This Week

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_type parameter found in the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP SQLi WordPress +1
NVD GitHub
EPSS 30% CVSS 7.5
HIGH POC THREAT This Week

The WP Statistics WordPress plugin before 13.0.8 relied on using the WordPress esc_sql() function on a field not delimited by quotes and did not first prepare the query. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Wp Statistics
NVD WPScan
EPSS 3% CVSS 9.8
CRITICAL POC PATCH Act Now

An issue was discovered in the VeronaLabs wp-statistics plugin before 12.6.7 for WordPress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi WordPress Wp Statistics
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

The WP Statistics plugin through 12.6.5 for Wordpress has stored XSS in includes/class-wp-statistics-pages.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress PHP +1
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

The WP Statistics plugin through 12.6.2 for WordPress has XSS, allowing a remote attacker to inject arbitrary web script or HTML via the Referer header of a GET request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Wp Statistics
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

WordPress version 4.8 + contains a Cross Site Scripting (XSS) vulnerability in plugins.php or core wordpress on delete function that can result in An attacker can perform client side attacks which. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP +1
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

The WP Statistics plugin through 12.0.9 for WordPress has XSS in the rangestart and rangeend parameters on the wps_referrers_page page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Wp Statistics
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wp Statistics
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wp Statistics
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Cross-site scripting vulnerability in WP Statistics version 12.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wp Statistics
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy