Vulmon
wp statistics vulnerabilities and exploits
4.3
CVSSv2
CVE-2022-0513
The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the exclusion_reason parameter found in the ~/includes/class-wp-statistics-exclusion.php file which allows attackers without authentication to inject arbitrary S...
Veronalabs Wp Statistics
6.5
CVSSv2
CVE-2021-24750
The WP Visitor Statistics (Real Time Traffic) WordPress plugin prior to 4.8 does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as subscriber to perform SQL injection attac...
Wp Visitor Statistics (real Time Traffic) Project Wp Visitor Statistics (real Time Traffic)
6.5
CVSSv2
CVE-2021-24829
The Visitor Traffic Real Time Statistics WordPress plugin prior to 3.9 does not validate and escape user input passed to the today_traffic_index AJAX action (available to any authenticated users) before using it in a SQL statement, leading to an SQL injection issue.
Wp-buy Visitor Traffic Real Time Statistics
5
CVSSv2
CVE-2021-24340
The WP Statistics WordPress plugin prior to 13.0.8 relied on using the WordPress esc_sql() function on a field not delimited by quotes and did not first prepare the query. Additionally, the page, which should have been accessible to administrator only, was also available to any v...
Veronalabs Wp Statistics
6.5
CVSSv2
CVE-2021-24193
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Visitor Traffic Real Time Statistics WordPress plugin prior to 2.12, to install any plugin (including a specific version) from the WordPress repository, as well as activate arb...
Wp-buy Visitor Traffic Real Time Statistics
6.8
CVSSv2
CVE-2019-15831
The visitors-traffic-real-time-statistics plugin prior to 1.12 for WordPress has CSRF in the settings page.
Wp-buy Visitor Traffic Real Time Statistics
6.8
CVSSv2
CVE-2019-15832
The visitors-traffic-real-time-statistics plugin prior to 1.13 for WordPress has CSRF.
Wp-buy Visitor Traffic Real Time Statistics
7.5
CVSSv2
CVE-2017-18515
The wp-statistics plugin prior to 12.0.8 for WordPress has SQL injection.
Veronalabs Wp Statistics
7.5
CVSSv2
CVE-2019-13275
An issue exists in the VeronaLabs wp-statistics plugin prior to 12.6.7 for WordPress. The v1/hit endpoint of the API, when the non-default "use cache plugin" setting is enabled, is vulnerable to unauthenticated blind SQL Injection.
Veronalabs Wp Statistics
3.5
CVSSv2
CVE-2019-12566
The WP Statistics plugin up to and including 12.6.5 for WordPress has stored XSS in includes/class-wp-statistics-pages.php. This is related to an account with the Editor role creating a post with a title that contains JavaScript, to attack an admin user.
Veronalabs Wp Statistics