← Back

Veronalabs

veronalabs

29 CVEs • 2 products

Products (2)

Click to collapse
Toggle
Wp Statistics
wp_statistics
19 CVEs
Wp Sms
wp_sms
10 CVEs

CVEs (29)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-0651
1Veronalabs
1Wp Statistics
Jun 17, 2026
Feb 24, 2022
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_type parameter found in the ~/includes/class-wp-statistics-hits.php file which allow...Show more
The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_type parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 13.1.5.Show less
CVE-2022-0513
1Veronalabs
1Wp Statistics
Jun 17, 2026
Feb 16, 2022
N/A· v4
7.5 HIGH· v3
4.3 MEDIUM· v2
The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the exclusion_reason parameter found in the ~/includes/class-wp-statistics-exclusion.php file which a...Show more
The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the exclusion_reason parameter found in the ~/includes/class-wp-statistics-exclusion.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 13.1.4. This requires the "Record Exclusions" option to be enabled on the vulnerable site.Show less
CVE-2021-24561
1Veronalabs
1Wp Sms
Jun 17, 2026
Aug 23, 2021
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
The WP SMS WordPress plugin before 5.4.13 does not sanitise the "wp_group_name" parameter before outputting it back in the "Groups" page, leading to an Authenticated Stored Cross-Site Scripting issue
CVE-2021-24340
1Veronalabs
1Wp Statistics
Jun 17, 2026
Jun 7, 2021
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
The WP Statistics WordPress plugin before 13.0.8 relied on using the WordPress esc_sql() function on a field not delimited by quotes and did not first prepare the query. Additionally, the page, which should have been acc...Show more
The WP Statistics WordPress plugin before 13.0.8 relied on using the WordPress esc_sql() function on a field not delimited by quotes and did not first prepare the query. Additionally, the page, which should have been accessible to administrator only, was also available to any visitor, including unauthenticated ones.Show less
CVE-2017-18515
1Veronalabs
1Wp Statistics
Nov 21, 2024
Aug 14, 2019
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
The wp-statistics plugin before 12.0.8 for WordPress has SQL injection.
CVE-2019-13275
1Veronalabs
1Wp Statistics
Jun 17, 2026
Jul 4, 2019
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
An issue was discovered in the VeronaLabs wp-statistics plugin before 12.6.7 for WordPress. The v1/hit endpoint of the API, when the non-default "use cache plugin" setting is enabled, is vulnerable to unauthenticated bli...Show more
An issue was discovered in the VeronaLabs wp-statistics plugin before 12.6.7 for WordPress. The v1/hit endpoint of the API, when the non-default "use cache plugin" setting is enabled, is vulnerable to unauthenticated blind SQL Injection.Show less
CVE-2019-12566
1Veronalabs
1Wp Statistics
Jun 17, 2026
Jun 3, 2019
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
The WP Statistics plugin through 12.6.5 for Wordpress has stored XSS in includes/class-wp-statistics-pages.php. This is related to an account with the Editor role creating a post with a title that contains JavaScript, to...Show more
The WP Statistics plugin through 12.6.5 for Wordpress has stored XSS in includes/class-wp-statistics-pages.php. This is related to an account with the Editor role creating a post with a title that contains JavaScript, to attack an admin user.Show less
CVE-2019-10864
1Veronalabs
1Wp Statistics
Jun 17, 2026
Apr 23, 2019
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
The WP Statistics plugin through 12.6.2 for WordPress has XSS, allowing a remote attacker to inject arbitrary web script or HTML via the Referer header of a GET request.
CVE-2018-1000556
1Veronalabs
1Wp Statistics
Nov 21, 2024
Jun 26, 2018
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
WordPress version 4.8 + contains a Cross Site Scripting (XSS) vulnerability in plugins.php or core wordpress on delete function that can result in An attacker can perform client side attacks which could be from stealing...Show more
WordPress version 4.8 + contains a Cross Site Scripting (XSS) vulnerability in plugins.php or core wordpress on delete function that can result in An attacker can perform client side attacks which could be from stealing a cookie to code injection. This attack appear to be exploitable via an attacker must craft an URL with payload and send to the user. Victim need to open the link to be affected by reflected XSS. .Show less