Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wp-statistics wp statistics vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2017-2135
Cross-site scripting vulnerability in WP Statistics version 12.0.1 and previous versions allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Wp-statistics Wp Statistics
6.1
CVSSv3
CVE-2017-2136
Cross-site scripting vulnerability in WP Statistics version 12.0.4 and previous versions allows remote malicious users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers.
Wp Statistics Wp Statistics
6.1
CVSSv3
CVE-2017-2147
Cross-site scripting vulnerability in WP Statistics version 12.0.4 and previous versions allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Wp-statistics Wp Statistics
6.1
CVSSv3
CVE-2017-10991
The WP Statistics plugin up to and including 12.0.9 for WordPress has XSS in the rangestart and rangeend parameters on the wps_referrers_page page.
Wp-statistics Wp Statistics
8.8
CVSSv3
CVE-2022-38074
SQL Injection vulnerability in VeronaLabs WP Statistics plugin <= 13.2.10 versions.
Veronalabs Wp Statistics
5.4
CVSSv3
CVE-2019-12566
The WP Statistics plugin up to and including 12.6.5 for Wordpress has stored XSS in includes/class-wp-statistics-pages.php. This is related to an account with the Editor role creating a post with a title that contains JavaScript, to attack an admin user.
Veronalabs Wp Statistics
6.1
CVSSv3
CVE-2022-1005
The WP Statistics WordPress plugin prior to 13.2.2 does not sanitise the REQUEST_URI parameter before outputting it back in the rendered page, leading to Cross-Site Scripting (XSS) in web browsers which do not encode characters
Veronalabs Wp Statistics
9.8
CVSSv3
CVE-2017-18515
The wp-statistics plugin prior to 12.0.8 for WordPress has SQL injection.
Veronalabs Wp Statistics
6.1
CVSSv3
CVE-2018-1000556
WordPress version 4.8 + contains a Cross Site Scripting (XSS) vulnerability in plugins.php or core wordpress on delete function that can result in An attacker can perform client side attacks which could be from stealing a cookie to code injection. This attack appear to be exploit...
Veronalabs Wp Statistics
8.8
CVSSv3
CVE-2023-0955
The WP Statistics WordPress plugin prior to 14.0 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manage_options capability (admin+), however the plugin has a setti...
Veronalabs Wp Statistics
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-6280
CVE-2024-5346
CVE-2024-30078
CVE-2022-45803
CVE-2024-36886
SQL
CVE-2024-24553
IMAP
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »