Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
veronalabs wp statistics vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2022-25306
The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the browser parameter found in the ~/includes/class-wp-statistics-visitor.php file which allows malicious users to inject arbitrary web scripts onto several p...
Veronalabs Wp Statistics
5
CVSSv2
CVE-2022-0651
The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_type parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL q...
Veronalabs Wp Statistics
4.3
CVSSv2
CVE-2022-0513
The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the exclusion_reason parameter found in the ~/includes/class-wp-statistics-exclusion.php file which allows attackers without authentication to inject arbitrary S...
Veronalabs Wp Statistics
5
CVSSv2
CVE-2021-24340
The WP Statistics WordPress plugin prior to 13.0.8 relied on using the WordPress esc_sql() function on a field not delimited by quotes and did not first prepare the query. Additionally, the page, which should have been accessible to administrator only, was also available to any v...
Veronalabs Wp Statistics
7.5
CVSSv2
CVE-2017-18515
The wp-statistics plugin prior to 12.0.8 for WordPress has SQL injection.
Veronalabs Wp Statistics
7.5
CVSSv2
CVE-2019-13275
An issue exists in the VeronaLabs wp-statistics plugin prior to 12.6.7 for WordPress. The v1/hit endpoint of the API, when the non-default "use cache plugin" setting is enabled, is vulnerable to unauthenticated blind SQL Injection.
Veronalabs Wp Statistics
3.5
CVSSv2
CVE-2019-12566
The WP Statistics plugin up to and including 12.6.5 for Wordpress has stored XSS in includes/class-wp-statistics-pages.php. This is related to an account with the Editor role creating a post with a title that contains JavaScript, to attack an admin user.
Veronalabs Wp Statistics
4.3
CVSSv2
CVE-2019-10864
The WP Statistics plugin up to and including 12.6.2 for WordPress has XSS, allowing a remote malicious user to inject arbitrary web script or HTML via the Referer header of a GET request.
Veronalabs Wp Statistics
4.3
CVSSv2
CVE-2018-1000556
WordPress version 4.8 + contains a Cross Site Scripting (XSS) vulnerability in plugins.php or core wordpress on delete function that can result in An attacker can perform client side attacks which could be from stealing a cookie to code injection. This attack appear to be exploit...
Veronalabs Wp Statistics
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2