Vulnerabilities > Veronalabs > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-28 | CVE-2023-27447 | Information Exposure vulnerability in Veronalabs WP SMS. Exposure of Sensitive Information to an Unauthorized Actor vulnerability in VeronaLabs WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc. This issue affects WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc: from n/a through 6.0.4. | 7.5 |
2023-03-27 | CVE-2023-0955 | Unspecified vulnerability in Veronalabs WP Statistics. The WP Statistics WordPress plugin before 14.0 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. | 8.8 |
2023-03-13 | CVE-2022-38074 | Unspecified vulnerability in Veronalabs WP Statistics. SQL Injection vulnerability in VeronaLabs WP Statistics plugin <= 13.2.10 versions. | 8.8 |
2023-01-23 | CVE-2022-4230 | SQL Injection vulnerability in Veronalabs WP Statistics. The WP Statistics WordPress plugin before 13.2.9 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. | 8.8 |
2022-02-24 | CVE-2022-0651 | SQL Injection vulnerability in Veronalabs WP Statistics. The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_type parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 13.1.5. | 7.5 |
2022-02-24 | CVE-2022-25149 | SQL Injection vulnerability in Veronalabs WP Statistics. The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the IP parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 13.1.5. | 7.5 |
2022-02-16 | CVE-2022-0513 | SQL Injection vulnerability in Veronalabs WP Statistics. The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the exclusion_reason parameter found in the ~/includes/class-wp-statistics-exclusion.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 13.1.4. | 7.5 |
2021-06-07 | CVE-2021-24340 | Unspecified vulnerability in Veronalabs WP Statistics. The WP Statistics WordPress plugin before 13.0.8 relied on using the WordPress esc_sql() function on a field not delimited by quotes and did not first prepare the query. | 7.5 |