Vulnerabilities > Burst Statistics > Burst Statistics > 1.0.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-03-13 | CVE-2024-1894 | Cross-site Scripting vulnerability in Burst-Statistics Burst Statistics The Burst Statistics – Privacy-Friendly Analytics for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'burst_total_pageviews_count' custom meta field in all versions up to, and including, 1.5.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-01-17 | CVE-2024-0405 | SQL Injection vulnerability in Burst-Statistics Burst Statistics The Burst Statistics – Privacy-Friendly Analytics for WordPress plugin, version 1.5.3, is vulnerable to Post-Authenticated SQL Injection via multiple JSON parameters in the /wp-json/burst/v1/data/compare endpoint. | 6.5 |