Testa din hemsida →

Wp statistics

Det finns 18 kända sårbarheter i Wp statistics.

18
Kända sårbarheter
9
Kritiska/höga
2025-09-27
Senaste sårbarhet
Använder du Wp statistics?

Kör ett gratis test och se om din hemsida är påverkad.

Testa din hemsida

Kända sårbarheter

Hög 2025-09-27

CVE-2025-9816: The WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the User-Agent Header in all versions up to, and inclu...

Påverkade versioner: all

The WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the User-Agent Header in all versions up to, and including,...

Medel 2025-04-30

CVE-2025-3953: The WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'optionUpda...

Påverkade versioner: all

The WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'optionUpdater'...

Hög 2024-03-13

CVE-2024-2194: The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL search parameter in all versions up to, and including, 14.5 due to insufficient input sanitization an...

Påverkade versioner: all

The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL search parameter in all versions up to, and including, 14.5 due to insufficient input sanitization and o...

Hög 2023-03-27

CVE-2023-0955: The WP Statistics WordPress plugin before 14.0 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to ...

Påverkade versioner: < 14.0

The WP Statistics WordPress plugin before 14.0 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to use...

Medel 2023-03-07

CVE-2021-4333: The WP Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 13.1.1. This is due to missing or incorrect nonce validation on the view() funct...

Påverkade versioner: <= 13.1.1

The WP Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 13.1.1. This is due to missing or incorrect nonce validation on the view() function...

Hög 2023-01-23

CVE-2022-4230: The WP Statistics WordPress plugin before 13.2.9 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available t...

Påverkade versioner: < 13.2.9

The WP Statistics WordPress plugin before 13.2.9 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to u...

Medel 2022-06-08

CVE-2022-1005: The WP Statistics WordPress plugin before 13.2.2 does not sanitise the REQUEST_URI parameter before outputting it back in the rendered page, leading to Cross-Site Scripting (XSS) in web browsers wh...

Påverkade versioner: < 13.2.2

The WP Statistics WordPress plugin before 13.2.2 does not sanitise the REQUEST_URI parameter before outputting it back in the rendered page, leading to Cross-Site Scripting (XSS) in web browsers which...

Medel 2022-02-24

CVE-2022-25306: The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the browser parameter found in the ~/includes/class-wp-statistics-visitor.p...

Påverkade versioner: <= 13.1.5

The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the browser parameter found in the ~/includes/class-wp-statistics-visitor.php...

Medel 2022-02-24

CVE-2022-25307: The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the platform parameter found in the ~/includes/class-wp-statistics-hits.php...

Påverkade versioner: <= 13.1.5

The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the platform parameter found in the ~/includes/class-wp-statistics-hits.php fi...

Medel 2022-02-24

CVE-2022-25305: The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the IP parameter found in the ~/includes/class-wp-statistics-ip.php file wh...

Påverkade versioner: <= 13.1.5

The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the IP parameter found in the ~/includes/class-wp-statistics-ip.php file which...

Hög 2022-02-24

CVE-2022-25149: The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the IP parameter found in the ~/includes/class-wp-statistics-hits.php file whi...

Påverkade versioner: <= 13.1.5

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the IP parameter found in the ~/includes/class-wp-statistics-hits.php file which...

Kritisk 2022-02-24

CVE-2022-25148: The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_id parameter found in the ~/includes/class-wp-statistics-hits...

Påverkade versioner: <= 13.1.5

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_id parameter found in the ~/includes/class-wp-statistics-hits.ph...

Hög 2022-02-24

CVE-2022-0651: The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_type parameter found in the ~/includes/class-wp-statistics-hi...

Påverkade versioner: <= 13.1.5

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_type parameter found in the ~/includes/class-wp-statistics-hits....

Hög 2022-02-16

CVE-2022-0513: The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the exclusion_reason parameter found in the ~/includes/class-wp-statistics-exc...

Påverkade versioner: <= 13.1.4

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the exclusion_reason parameter found in the ~/includes/class-wp-statistics-exclus...

Hög 2021-06-07

CVE-2021-24340: The WP Statistics WordPress plugin before 13.0.8 relied on using the WordPress esc_sql() function on a field not delimited by quotes and did not first prepare the query. Additionally, the page, whi...

Påverkade versioner: < 13.0.8

The WP Statistics WordPress plugin before 13.0.8 relied on using the WordPress esc_sql() function on a field not delimited by quotes and did not first prepare the query. Additionally, the page, which...

Låg 2019-06-03

CVE-2019-12566: The WP Statistics plugin through 12.6.5 for Wordpress has stored XSS in includes/class-wp-statistics-pages.php. This is related to an account with the Editor role creating a post with a title that ...

Påverkade versioner: <= 12.6.5

The WP Statistics plugin through 12.6.5 for Wordpress has stored XSS in includes/class-wp-statistics-pages.php. This is related to an account with the Editor role creating a post with a title that con...

Medel 2019-04-23

CVE-2019-10864: The WP Statistics plugin through 12.6.2 for WordPress has XSS, allowing a remote attacker to inject arbitrary web script or HTML via the Referer header of a GET request.

Påverkade versioner: <= 12.6.2

The WP Statistics plugin through 12.6.2 for WordPress has XSS, allowing a remote attacker to inject arbitrary web script or HTML via the Referer header of a GET request.

Medel 2017-07-07

CVE-2017-10991: The WP Statistics plugin through 12.0.9 for WordPress has XSS in the rangestart and rangeend parameters on the wps_referrers_page page.

Påverkade versioner: <= 12.0.9

The WP Statistics plugin through 12.0.9 for WordPress has XSS in the rangestart and rangeend parameters on the wps_referrers_page page.

Vår rekommendation

Håll tillägget uppdaterat. De flesta sårbarheter åtgärdas snabbt av utvecklarna.

Ta bort tillägg du inte använder. Varje tillägg är en potentiell attackyta.

Testa din hemsida regelbundet. Automatisk bevakning fångar problem tidigt.

Andra tillägg med kända sårbarheter

Newsletter 50 sårb. Elementor 50 sårb. Classified 49 sårb. Gutenberg 49 sårb. Royal elementor addons 49 sårb. Ninja forms 48 sårb.