Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wp statistics vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2022-0513
The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the exclusion_reason parameter found in the ~/includes/class-wp-statistics-exclusion.php file which allows attackers without authentication to inject arbitrary S...
Veronalabs Wp Statistics
580
VMScore
CVE-2021-24750
The WP Visitor Statistics (Real Time Traffic) WordPress plugin prior to 4.8 does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as subscriber to perform SQL injection attac...
Wp Visitor Statistics \\(real Time Traffic\\) Project Wp Visitor Statistics \\(real Time Traffic\\)
578
VMScore
CVE-2021-24829
The Visitor Traffic Real Time Statistics WordPress plugin prior to 3.9 does not validate and escape user input passed to the today_traffic_index AJAX action (available to any authenticated users) before using it in a SQL statement, leading to an SQL injection issue
Wp-buy Visitor Traffic Real Time Statistics
445
VMScore
CVE-2021-24340
The WP Statistics WordPress plugin prior to 13.0.8 relied on using the WordPress esc_sql() function on a field not delimited by quotes and did not first prepare the query. Additionally, the page, which should have been accessible to administrator only, was also available to any v...
Veronalabs Wp Statistics
578
VMScore
CVE-2021-24193
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Visitor Traffic Real Time Statistics WordPress plugin prior to 2.12, to install any plugin (including a specific version) from the WordPress repository, as well as activate arb...
Wp-buy Visitor Traffic Real Time Statistics
605
VMScore
CVE-2019-15831
The visitors-traffic-real-time-statistics plugin prior to 1.12 for WordPress has CSRF in the settings page.
Wp-buy Visitor Traffic Real Time Statistics
605
VMScore
CVE-2019-15832
The visitors-traffic-real-time-statistics plugin prior to 1.13 for WordPress has CSRF.
Wp-buy Visitor Traffic Real Time Statistics
668
VMScore
CVE-2017-18515
The wp-statistics plugin prior to 12.0.8 for WordPress has SQL injection.
Veronalabs Wp Statistics
668
VMScore
CVE-2019-13275
An issue exists in the VeronaLabs wp-statistics plugin prior to 12.6.7 for WordPress. The v1/hit endpoint of the API, when the non-default "use cache plugin" setting is enabled, is vulnerable to unauthenticated blind SQL Injection.
Veronalabs Wp Statistics
312
VMScore
CVE-2019-12566
The WP Statistics plugin up to and including 12.6.5 for Wordpress has stored XSS in includes/class-wp-statistics-pages.php. This is related to an account with the Editor role creating a post with a title that contains JavaScript, to attack an admin user.
Veronalabs Wp Statistics
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »