Product
veronalabs wp statistics
23 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2023-0955
CVE-2022-38074
CVE-2021-4333
CVE-2022-4230
CVE-2022-27231
CVE-2022-1005
CVE-2022-25307
CVE-2022-25306
CVE-2022-25305
CVE-2022-25149
CVE-2022-25148
CVE-2022-0651
CVE-2022-0513
CVE-2021-24340
CVE-2017-18515
CVE-2019-13275
CVE-2019-12566
CVE-2019-10864
CVE-2018-1000556
CVE-2017-10991
CVE-2017-2147
CVE-2017-2136
CVE-2017-2135
< 14.0
The WP Statistics WordPress plugin before 14.0 does not escape a parameter, which could allow authenticated users to perform SQL I
< 13.2.11
SQL Injection vulnerability in VeronaLabs WP Statistics plugin <= 13.2.10 versions.
<= 13.1.1
The WP Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 13.1.1. This
< 13.2.9
The WP Statistics WordPress plugin before 13.2.9 does not escape a parameter, which could allow authenticated users to perform SQL
< 13.2.0
Cross-site scripting vulnerability exists in WP Statistics versions prior to 13.2.0 because it improperly processes a platform par
< 13.2.2
The WP Statistics WordPress plugin before 13.2.2 does not sanitise the REQUEST_URI parameter before outputting it back in the rend
<= 13.1.5
The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the plat
<= 13.1.5
The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the brow
<= 13.1.5
The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the IP p
<= 13.1.5
The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the IP para
<= 13.1.5
The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current
<= 13.1.5
The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current
<= 13.1.4
The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the exclusi
< 13.0.8
The WP Statistics WordPress plugin before 13.0.8 relied on using the WordPress esc_sql() function on a field not delimited by quot
< 12.0.8
The wp-statistics plugin before 12.0.8 for WordPress has SQL injection.
<= 12.6.6
An issue was discovered in the VeronaLabs wp-statistics plugin before 12.6.7 for WordPress. The v1/hit endpoint of the API, when t
<= 12.6.5
The WP Statistics plugin through 12.6.5 for Wordpress has stored XSS in includes/class-wp-statistics-pages.php. This is related to
<= 12.6.2
The WP Statistics plugin through 12.6.2 for WordPress has XSS, allowing a remote attacker to inject arbitrary web script or HTML v
< 12.0.6
WordPress version 4.8 + contains a Cross Site Scripting (XSS) vulnerability in plugins.php or core wordpress on delete function th
<= 12.0.9
The WP Statistics plugin through 12.0.9 for WordPress has XSS in the rangestart and rangeend parameters on the wps_referrers_page
<= 12.0.4
Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web scr
<= 12.0.4
Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web scr
<= 12.0.1
Cross-site scripting vulnerability in WP Statistics version 12.0.1 and earlier allows remote attackers to inject arbitrary web scr