Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wp statistics vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2017-18515
The wp-statistics plugin prior to 12.0.8 for WordPress has SQL injection.
Veronalabs Wp Statistics
7.5
CVSSv2
CVE-2019-13275
An issue exists in the VeronaLabs wp-statistics plugin prior to 12.6.7 for WordPress. The v1/hit endpoint of the API, when the non-default "use cache plugin" setting is enabled, is vulnerable to unauthenticated blind SQL Injection.
Veronalabs Wp Statistics
6.8
CVSSv2
CVE-2019-15831
The visitors-traffic-real-time-statistics plugin prior to 1.12 for WordPress has CSRF in the settings page.
Wp-buy Visitor Traffic Real Time Statistics
6.8
CVSSv2
CVE-2019-15832
The visitors-traffic-real-time-statistics plugin prior to 1.13 for WordPress has CSRF.
Wp-buy Visitor Traffic Real Time Statistics
6.5
CVSSv2
CVE-2022-0410
The WP Visitor Statistics (Real Time Traffic) WordPress plugin prior to 5.6 does not sanitise and escape the id parameter before using it in a SQL statement via the refUrlDetails AJAX action, available to any authenticated user, leading to a SQL injection
Wp Visitor Statistics Project Wp Visitor Statistics
6.5
CVSSv2
CVE-2021-24750
The WP Visitor Statistics (Real Time Traffic) WordPress plugin prior to 4.8 does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as subscriber to perform SQL injection attac...
Wp Visitor Statistics (real Time Traffic) Project Wp Visitor Statistics (real Time Traffic)
6.5
CVSSv2
CVE-2021-24829
The Visitor Traffic Real Time Statistics WordPress plugin prior to 3.9 does not validate and escape user input passed to the today_traffic_index AJAX action (available to any authenticated users) before using it in a SQL statement, leading to an SQL injection issue
Wp-buy Visitor Traffic Real Time Statistics
6.5
CVSSv2
CVE-2021-24193
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Visitor Traffic Real Time Statistics WordPress plugin prior to 2.12, to install any plugin (including a specific version) from the WordPress repository, as well as activate arb...
Wp-buy Visitor Traffic Real Time Statistics
5
CVSSv2
CVE-2022-25148
The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_id parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL que...
Veronalabs Wp Statistics
5
CVSSv2
CVE-2022-25149
The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the IP parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtai...
Veronalabs Wp Statistics
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23692
CVE-2012-1823
memory leak
CVE-2024-0627
CVE-2024-31402
privilege escalation
CVE-2024-36418
remote code execution
CVE-2024-27844
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »