Vulnerabilities > Veronalabs

DATE CVE VULNERABILITY TITLE RISK
2019-08-14 CVE-2017-18515 SQL Injection vulnerability in Veronalabs WP Statistics
The wp-statistics plugin before 12.0.8 for WordPress has SQL injection.
network
low complexity
veronalabs CWE-89
critical
9.8
2019-07-04 CVE-2019-13275 SQL Injection vulnerability in Veronalabs WP Statistics
An issue was discovered in the VeronaLabs wp-statistics plugin before 12.6.7 for WordPress.
network
low complexity
veronalabs CWE-89
critical
9.8
2019-06-03 CVE-2019-12566 Cross-site Scripting vulnerability in Veronalabs WP Statistics
The WP Statistics plugin through 12.6.5 for Wordpress has stored XSS in includes/class-wp-statistics-pages.php.
network
low complexity
veronalabs CWE-79
5.4
2019-04-23 CVE-2019-10864 Cross-site Scripting vulnerability in Veronalabs WP Statistics
The WP Statistics plugin through 12.6.2 for WordPress has XSS, allowing a remote attacker to inject arbitrary web script or HTML via the Referer header of a GET request.
network
low complexity
veronalabs CWE-79
6.1
2018-06-26 CVE-2018-1000556 Cross-site Scripting vulnerability in Veronalabs WP Statistics
WordPress version 4.8 + contains a Cross Site Scripting (XSS) vulnerability in plugins.php or core wordpress on delete function that can result in An attacker can perform client side attacks which could be from stealing a cookie to code injection.
network
low complexity
veronalabs CWE-79
6.1