Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wp statistics vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-24867
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Osamaesh WP Visitor Statistics (Real Time Traffic).This issue affects WP Visitor Statistics (Real Time Traffic): from n/a up to and including 6.9.4.
NA
CVE-2024-2194
The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL search parameter in all versions up to, and including, 14.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated malicious users to in...
NA
CVE-2024-0405
The Burst Statistics – Privacy-Friendly Analytics for WordPress plugin, version 1.5.3, is vulnerable to Post-Authenticated SQL Injection via multiple JSON parameters in the /wp-json/burst/v1/data/compare endpoint. Affected parameters include 'browser', 'devic...
Burst-statistics Burst Statistics
NA
CVE-2023-0600
The WP Visitor Statistics (Real Time Traffic) WordPress plugin prior to 6.9 does not escape user input which is concatenated to an SQL query, allowing unauthenticated visitors to conduct SQL Injection attacks.
Plugins-market Wp Visitor Statistics
NA
CVE-2023-0955
The WP Statistics WordPress plugin prior to 14.0 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manage_options capability (admin+), however the plugin has a setti...
Veronalabs Wp Statistics
NA
CVE-2022-38074
SQL Injection vulnerability in VeronaLabs WP Statistics plugin <= 13.2.10 versions.
Veronalabs Wp Statistics
NA
CVE-2021-4333
The WP Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 13.1.1. This is due to missing or incorrect nonce validation on the view() function. This makes it possible for unauthenticated malicious users to activate and dea...
Veronalabs Wp Statistics
NA
CVE-2022-4656
The WP Visitor Statistics (Real Time Traffic) WordPress plugin prior to 6.5 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.
Plugins-market Wp Visitor Statistics
NA
CVE-2022-4230
The WP Statistics WordPress plugin prior to 13.2.9 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manage_options capability (admin+), however the plugin has a set...
Veronalabs Wp Statistics
NA
CVE-2022-33965
Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities in Osamaesh WP Visitor Statistics plugin <= 5.7 at WordPress.
Plugins-market Wp Visitor Statistics
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-35000
CVE-2024-4439
unauthorized
CVE-2024-0042
CVE-2024-31848
CVE-2023-40694
cache poisoning
CVE-2024-23707
firmware
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »