cvebase

Burstbv Burst Statistics Privacy-Friendly Wordpress Analytics vulnerabilities

3 known vulnerabilities affecting burstbv/burst_statistics_privacy-friendly_wordpress_analytics.

Total CVEs: 3
CISA KEV: 0
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 1, MEDIUM 2

Vulnerabilities

CVE-2026-8181 | P1 | CRITICAL | CVSS 9.8 | Exploited | PoC | ≥ 3.4.0, ≤ 3.4.1.1 | 2026-05-14
CVE-2026-8181 [CRITICAL] CWE-287: The Burst Statistics – Privacy-Friendly WordPress Analytics (Google Analytics Alternative) plugin for WordPress is vulnerable to Authentication Bypass in versions 3.4.0 to 3.4.1.1. This is due to incorrect return-value handling in the `is_mainwp_authenticated()` function when validating application passwords from the Authorization header. This makes
nvd
CVE-2024-0405 | P3 | MEDIUM | CVSS 6.5 | ≤ 1.5.3 | 2024-01-17
CVE-2024-0405 [MEDIUM] CWE-89: The Burst Statistics – Privacy-Friendly Analytics for WordPress plugin, version 1.5.3, is vulnerable to Post-Authenticated SQL Injection via multiple JSON parameters in the /wp-json/burst/v1/data/compare endpoint. Affected parameters include 'browser', 'device', 'page_id', 'page_url', 'platform', and 'referrer'. This vulnerability arises due to insuffi
nvd
CVE-2024-1894 | P4 | MEDIUM | CVSS 5.4 | ≤ 1.5.6.1 | 2024-03-13
CVE-2024-1894 [MEDIUM] CWE-79: The Burst Statistics – Privacy-Friendly Analytics for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'burst_total_pageviews_count' custom meta field in all versions up to, and including, 1.5.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authent
nvd