The WP Statistics WordPress plugin before 14.0 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manage_options capability (admin+), however the plugin has a settings to allow low privilege users to access it as well.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/18b7e93f-b038-4f28-918b-4015d62f0eb8 | Exploit Third Party Advisory |
https://wpscan.com/vulnerability/18b7e93f-b038-4f28-918b-4015d62f0eb8 | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 07:38
Type | Values Removed | Values Added |
---|---|---|
References | () https://wpscan.com/vulnerability/18b7e93f-b038-4f28-918b-4015d62f0eb8 - Exploit, Third Party Advisory |
31 Mar 2023, 15:34
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://wpscan.com/vulnerability/18b7e93f-b038-4f28-918b-4015d62f0eb8 - Exploit, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
CPE | cpe:2.3:a:veronalabs:wp_statistics:*:*:*:*:*:wordpress:*:* |
27 Mar 2023, 17:04
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-03-27 16:15
Updated : 2024-11-21 07:38
NVD link : CVE-2023-0955
Mitre link : CVE-2023-0955
CVE.ORG link : CVE-2023-0955
JSON object : View
Products Affected
veronalabs
- wp_statistics
CWE
No CWE.