Veronalabs Wp Statistics — known CVE vulnerabilities
Every CVE whose affected-product data names Veronalabs Wp Statistics, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (19)
CVE-2022-0513 — CVSS 9.8 (critical): The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the exclusion_reason…
CVE-2022-25149 — CVSS 9.8 (critical): The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the IP parameter…
CVE-2022-25148 — CVSS 9.8 (critical): The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_id…
CVE-2019-13275 — CVSS 9.8 (critical): An issue was discovered in the VeronaLabs wp-statistics plugin before 12.6.7 for WordPress. The v1/hit endpoint of the API, when the…
CVE-2022-0651 — CVSS 9.8 (critical): The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the…
CVE-2023-0955 — CVSS 8.8 (high): The WP Statistics WordPress plugin before 14.0 does not escape a parameter, which could allow authenticated users to perform SQL Injection…
CVE-2022-4230 — CVSS 8.8 (high): The WP Statistics WordPress plugin before 13.2.9 does not escape a parameter, which could allow authenticated users to perform SQL…
CVE-2021-24340 — CVSS 7.5 (high): The WP Statistics WordPress plugin before 13.0.8 relied on using the WordPress esc_sql() function on a field not delimited by quotes and…
CVE-2022-25306 — CVSS 7.2 (high): The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the browser…
CVE-2022-25305 — CVSS 7.2 (high): The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the IP parameter…
CVE-2022-25307 — CVSS 7.2 (high): The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the platform…
CVE-2021-4333 — CVSS 6.5 (medium): The WP Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 13.1.1. This is due to…
CVE-2018-1000556 — CVSS 6.1 (medium): WordPress version 4.8 + contains a Cross Site Scripting (XSS) vulnerability in plugins.php or core wordpress on delete function that can…
CVE-2022-27231 — CVSS 6.1 (medium): Cross-site scripting vulnerability exists in WP Statistics versions prior to 13.2.0 because it improperly processes a platform parameter…
CVE-2022-1005 — CVSS 6.1 (medium): The WP Statistics WordPress plugin before 13.2.2 does not sanitise the REQUEST_URI parameter before outputting it back in the rendered…
CVE-2019-10864 — CVSS 6.1 (medium): The WP Statistics plugin through 12.6.2 for WordPress has XSS, allowing a remote attacker to inject arbitrary web script or HTML via the…
CVE-2019-12566 — CVSS 5.4 (medium): The WP Statistics plugin through 12.6.5 for Wordpress has stored XSS in includes/class-wp-statistics-pages.php. This is related to an…