Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wp statistics wp statistics vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2017-2135
Cross-site scripting vulnerability in WP Statistics version 12.0.1 and previous versions allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Wp-statistics Wp Statistics
6.1
CVSSv3
CVE-2017-2136
Cross-site scripting vulnerability in WP Statistics version 12.0.4 and previous versions allows remote malicious users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers.
Wp Statistics Wp Statistics
6.1
CVSSv3
CVE-2017-2147
Cross-site scripting vulnerability in WP Statistics version 12.0.4 and previous versions allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Wp-statistics Wp Statistics
6.1
CVSSv3
CVE-2017-10991
The WP Statistics plugin up to and including 12.0.9 for WordPress has XSS in the rangestart and rangeend parameters on the wps_referrers_page page.
Wp-statistics Wp Statistics
8.8
CVSSv3
CVE-2022-0410
The WP Visitor Statistics (Real Time Traffic) WordPress plugin prior to 5.6 does not sanitise and escape the id parameter before using it in a SQL statement via the refUrlDetails AJAX action, available to any authenticated user, leading to a SQL injection
Wp Visitor Statistics Project Wp Visitor Statistics
8.8
CVSSv3
CVE-2021-24750
The WP Visitor Statistics (Real Time Traffic) WordPress plugin prior to 4.8 does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as subscriber to perform SQL injection attac...
Wp Visitor Statistics (real Time Traffic) Project Wp Visitor Statistics (real Time Traffic)
8.8
CVSSv3
CVE-2022-38074
SQL Injection vulnerability in VeronaLabs WP Statistics plugin <= 13.2.10 versions.
Veronalabs Wp Statistics
5.4
CVSSv3
CVE-2019-12566
The WP Statistics plugin up to and including 12.6.5 for Wordpress has stored XSS in includes/class-wp-statistics-pages.php. This is related to an account with the Editor role creating a post with a title that contains JavaScript, to attack an admin user.
Veronalabs Wp Statistics
6.1
CVSSv3
CVE-2022-1005
The WP Statistics WordPress plugin prior to 13.2.2 does not sanitise the REQUEST_URI parameter before outputting it back in the rendered page, leading to Cross-Site Scripting (XSS) in web browsers which do not encode characters
Veronalabs Wp Statistics
9.8
CVSSv3
CVE-2017-18515
The wp-statistics plugin prior to 12.0.8 for WordPress has SQL injection.
Veronalabs Wp Statistics
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-6280
CVE-2024-5346
CVE-2024-30078
CVE-2022-45803
CVE-2024-36886
SQL
CVE-2024-24553
IMAP
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »