WP Statistics vulnerabilities

9 known vulnerabilities affecting wp_statistics/wp_statistics.

Total CVEs: 9
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: HIGH 3, MEDIUM 6

Vulnerabilities

CVE-2022-25149 | HIGH | CVSS 7.5 | PoC | ≥ 13.1.5, ≤ 13.1.5 | 2022-02-24
CVE-2022-25149 [HIGH] CWE-89: The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the IP parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 13.1.5.
Sources: cvelistv5, nvd
CVE-2022-25148 | HIGH | CVSS 7.5 | PoC | ≥ 13.1.5, ≤ 13.1.5 | 2022-02-24
CVE-2022-25148 [HIGH] CWE-89: The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_id parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 13.1
Sources: cvelistv5, nvd
CVE-2022-0651 | HIGH | CVSS 7.5 | PoC | ≥ 13.1.5, ≤ 13.1.5 | 2022-02-24
CVE-2022-0651 [HIGH] CWE-89: The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_type parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 13.1
Sources: cvelistv5, nvd
CVE-2022-25305 | MEDIUM | CVSS 6.1 | ≥ 13.1.5, ≤ 13.1.5 | 2022-02-24
CVE-2022-25305 [MEDIUM] CWE-79: The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the IP parameter found in the ~/includes/class-wp-statistics-ip.php file which allows attackers to inject arbitrary web scripts onto several pages that execute when site administrators view a site's statistics, in versions up to an
Sources: cvelistv5, nvd
CVE-2022-25306 | MEDIUM | CVSS 6.1 | ≥ 13.1.5, ≤ 13.1.5 | 2022-02-24
CVE-2022-25306 [MEDIUM] CWE-79: The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the browser parameter found in the ~/includes/class-wp-statistics-visitor.php file which allows attackers to inject arbitrary web scripts onto several pages that execute when site administrators view a site's statistics, in version
Sources: cvelistv5, nvd
CVE-2022-25307 | MEDIUM | CVSS 6.1 | ≥ 13.1.5, ≤ 13.1.5 | 2022-02-24
CVE-2022-25307 [MEDIUM] CWE-79: The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the platform parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers to inject arbitrary web scripts onto several pages that execute when site administrators view a site's statistics, in versions
Sources: cvelistv5, nvd
CVE-2017-2136 | MEDIUM | CVSS 6.1 | ≤ 12.0.4, version 12.0.4 and earlier | 2017-04-28
CVE-2017-2136 [MEDIUM] CWE-79: Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers.
Sources: cvelistv5, nvd
CVE-2017-2147 | MEDIUM | CVSS 6.1 | version 12.0.4 and earlier | 2017-04-28
CVE-2017-2147 [MEDIUM] CWE-79: Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Sources: cvelistv5, nvd
CVE-2017-2135 | MEDIUM | CVSS 6.1 | version 12.0.1 and earlier | 2017-04-28
CVE-2017-2135 [MEDIUM] CWE-79: Cross-site scripting vulnerability in WP Statistics version 12.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Sources: cvelistv5, nvd