Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2023-03-07	CVE-2021-4333	Unspecified vulnerability in Veronalabs WP Statistics The WP Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 13.1.1. network low complexity veronalabs	6.5
2022-06-13	CVE-2022-27231	Cross-site Scripting vulnerability in Veronalabs WP Statistics Cross-site scripting vulnerability exists in WP Statistics versions prior to 13.2.0 because it improperly processes a platform parameter. network low complexity veronalabs CWE-79	6.1
2022-06-08	CVE-2022-1005	Unspecified vulnerability in Veronalabs WP Statistics The WP Statistics WordPress plugin before 13.2.2 does not sanitise the REQUEST_URI parameter before outputting it back in the rendered page, leading to Cross-Site Scripting (XSS) in web browsers which do not encode characters network low complexity veronalabs	6.1
2022-02-24	CVE-2022-25305	Cross-site Scripting vulnerability in Veronalabs WP Statistics The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the IP parameter found in the ~/includes/class-wp-statistics-ip.php file which allows attackers to inject arbitrary web scripts onto several pages that execute when site administrators view a sites statistics, in versions up to and including 13.1.5. network low complexity veronalabs CWE-79	6.1
2022-02-24	CVE-2022-25306	Cross-site Scripting vulnerability in Veronalabs WP Statistics The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the browser parameter found in the ~/includes/class-wp-statistics-visitor.php file which allows attackers to inject arbitrary web scripts onto several pages that execute when site administrators view a sites statistics, in versions up to and including 13.1.5. network low complexity veronalabs CWE-79	6.1
2022-02-24	CVE-2022-25307	Cross-site Scripting vulnerability in Veronalabs WP Statistics The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the platform parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers to inject arbitrary web scripts onto several pages that execute when site administrators view a sites statistics, in versions up to and including 13.1.5. network low complexity veronalabs CWE-79	6.1
2019-06-03	CVE-2019-12566	Cross-site Scripting vulnerability in Veronalabs WP Statistics The WP Statistics plugin through 12.6.5 for Wordpress has stored XSS in includes/class-wp-statistics-pages.php. network low complexity veronalabs CWE-79	5.4
2019-04-23	CVE-2019-10864	Cross-site Scripting vulnerability in Veronalabs WP Statistics The WP Statistics plugin through 12.6.2 for WordPress has XSS, allowing a remote attacker to inject arbitrary web script or HTML via the Referer header of a GET request. network low complexity veronalabs CWE-79	6.1
2018-06-26	CVE-2018-1000556	Cross-site Scripting vulnerability in Veronalabs WP Statistics WordPress version 4.8 + contains a Cross Site Scripting (XSS) vulnerability in plugins.php or core wordpress on delete function that can result in An attacker can perform client side attacks which could be from stealing a cookie to code injection. network low complexity veronalabs CWE-79	6.1