Burstbv Burst Statistics Privacy-Friendly Wordpress Analytics vulnerabilities
3 known vulnerabilities affecting burstbv/burst_statistics_privacy-friendly_wordpress_analytics.
Total CVEs
3
CISA KEV
0
Public exploits
1
Exploited in wild
1
Severity breakdown
CRITICAL1MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2026-8181P1CRITICALCVSS 9.8ExploitedPoC≥ 3.4.0, ≤ 3.4.1.12026-05-14
CVE-2026-8181 [CRITICAL] CWE-287 CVE-2026-8181: The Burst Statistics – Privacy-Friendly WordPress Analytics (Google Analytics Alternative) plugin fo
The Burst Statistics – Privacy-Friendly WordPress Analytics (Google Analytics Alternative) plugin for WordPress is vulnerable to Authentication Bypass in versions 3.4.0 to 3.4.1.1. This is due to incorrect return-value handling in the `is_mainwp_authenticated()` function when validating application passwords from the Authorization header. This makes
nvd
CVE-2024-0405P3MEDIUMCVSS 6.5≤ 1.5.32024-01-17
CVE-2024-0405 [MEDIUM] CWE-89 CVE-2024-0405: The Burst Statistics – Privacy-Friendly Analytics for WordPress plugin, version 1.5.3, is vulnerable
The Burst Statistics – Privacy-Friendly Analytics for WordPress plugin, version 1.5.3, is vulnerable to Post-Authenticated SQL Injection via multiple JSON parameters in the /wp-json/burst/v1/data/compare endpoint. Affected parameters include 'browser', 'device', 'page_id', 'page_url', 'platform', and 'referrer'. This vulnerability arises due to insuffi
nvd
CVE-2024-1894P4MEDIUMCVSS 5.4≤ 1.5.6.12024-03-13
CVE-2024-1894 [MEDIUM] CWE-79 CVE-2024-1894: The Burst Statistics – Privacy-Friendly Analytics for WordPress plugin for WordPress is vulnerable t
The Burst Statistics – Privacy-Friendly Analytics for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'burst_total_pageviews_count' custom meta field in all versions up to, and including, 1.5.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authent
nvd