Vulnerabilities > Veronalabs > WP Statistics > 12.1.3

DATE CVE VULNERABILITY TITLE RISK
2022-02-24 CVE-2022-25306 Cross-site Scripting vulnerability in Veronalabs WP Statistics
The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the browser parameter found in the ~/includes/class-wp-statistics-visitor.php file which allows attackers to inject arbitrary web scripts onto several pages that execute when site administrators view a sites statistics, in versions up to and including 13.1.5.
network
veronalabs CWE-79
4.3
4.3
2022-02-24 CVE-2022-25307 Cross-site Scripting vulnerability in Veronalabs WP Statistics
The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the platform parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers to inject arbitrary web scripts onto several pages that execute when site administrators view a sites statistics, in versions up to and including 13.1.5.
network
veronalabs CWE-79
4.3
4.3
2022-02-16 CVE-2022-0513 SQL Injection vulnerability in Veronalabs WP Statistics
The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the exclusion_reason parameter found in the ~/includes/class-wp-statistics-exclusion.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 13.1.4.
network
veronalabs CWE-89
4.3
4.3
2021-06-07 CVE-2021-24340 SQL Injection vulnerability in Veronalabs WP Statistics
The WP Statistics WordPress plugin before 13.0.8 relied on using the WordPress esc_sql() function on a field not delimited by quotes and did not first prepare the query.
network
low complexity
veronalabs CWE-89
5.0
5.0
2019-07-04 CVE-2019-13275 SQL Injection vulnerability in Veronalabs WP Statistics
An issue was discovered in the VeronaLabs wp-statistics plugin before 12.6.7 for WordPress.
network
low complexity
veronalabs CWE-89
7.5
7.5
2019-06-03 CVE-2019-12566 Cross-site Scripting vulnerability in Veronalabs WP Statistics
The WP Statistics plugin through 12.6.5 for Wordpress has stored XSS in includes/class-wp-statistics-pages.php.
network
veronalabs CWE-79
3.5
3.5
2019-04-23 CVE-2019-10864 Cross-site Scripting vulnerability in Veronalabs WP Statistics
The WP Statistics plugin through 12.6.2 for WordPress has XSS, allowing a remote attacker to inject arbitrary web script or HTML via the Referer header of a GET request.
network
low complexity
veronalabs CWE-79
6.1
6.1