Burst-Statistics Burst Statistics vulnerabilities
3 known vulnerabilities affecting burst-statistics/burst_statistics.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 2
Vulnerabilities
CVE-2023-5761 | P3 | HIGH | CVSS 7.5 | CWE-89 | ≥ 1.4.0, < 1.5.0 | ≥ 1.4.0, < 1.5.1 | 2023-12-07
The Burst Statistics – Privacy-Friendly Analytics for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'url' parameter in versions 1.4.0 to 1.4.6.1 (free) and versions 1.4.0 to 1.5.0 (pro) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f
nvd
CVE-2024-0405 | P3 | MEDIUM | CVSS 6.5 | CWE-89 | fixed in 1.5.3 | 2024-01-17
The Burst Statistics – Privacy-Friendly Analytics for WordPress plugin, version 1.5.3, is vulnerable to Post-Authenticated SQL Injection via multiple JSON parameters in the /wp-json/burst/v1/data/compare endpoint. Affected parameters include 'browser', 'device', 'page_id', 'page_url', 'platform', and 'referrer'. This vulnerability arises due to insuffi
nvd
CVE-2024-1894 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 1.5.7 | 2024-03-13
The Burst Statistics – Privacy-Friendly Analytics for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'burst_total_pageviews_count' custom meta field in all versions up to, and including, 1.5.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authent
nvd