Testa din hemsida →
WP Statistics – Simple, privacy-friendly Google Analytics alternative ikon

WP Statistics – Simple, privacy-friendly Google Analytics alternative

4.1/5
600 000+ installationer

Get website traffic insights with GDPR/CCPA compliant, privacy-friendly analytics. Includes visitor data, stunning graphs, and no data sharing.

21
Kända sårbarheter
10
Kritiska / höga
2025-09-27
Senaste sårbarhet
600 000+
Aktiva installationer

Om WP Statistics – Simple, privacy-friendly Google Analytics alternative

WP Statistics är ett populärt WordPress-tillägg som erbjuder ett integritetsvänligt alternativ till Google Analytics. Tillägget samlar in besöksstatistik direkt på din webbplats utan att dela data med tredje part, vilket gör det GDPR- och CCPA-kompatibelt. Med över 600 000 aktiva installationer är det ett välkänt verktyg för webbplatsägare som värdesätter användarnas integritet.

Säkerhetsläget

Tillägget har totalt 18 dokumenterade sårbarheter, vilket är betydligt fler än önskvärt. Fördelningen visar 8 sårbarheter med hög allvarlighetsgrad, 1 kritisk, 8 medium och 1 låg. Det mest oroväckande är den kritiska sårbarheten och att den senaste upptäcktes så sent som september 2025.

Praktiska risker

Sårbarheter med hög och kritisk allvarlighetsgrad kan potentiellt användas för att få obehörig åtkomst till webbplatsen eller stjäla känslig information. Medium-sårbarheter utgör vanligtvis mindre risk men bör inte ignoreras.

Våra rekommendationer

  • Kontrollera att du kör den senaste versionen av tillägget
  • Överväg alternativa statistiktillägg med bättre säkerhetshistorik
  • Implementera brandväggsregler som extra skydd
  • Säkerhetskopiera webbplatsen regelbundet

Regelbundna uppdateringar av WordPress, teman och tillägg är det mest effektiva skyddet mot kända säkerhetshot.

Använder du WP Statistics – Simple, privacy-friendly Google Analytics alternative?

Kör ett gratis test och se om din hemsida är påverkad av dessa sårbarheter.

Testa din hemsida

Alla kända sårbarheter

Hög CVE-2025-9816

CVE-2025-9816: The WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the User-Agent Header in all versions up to, and inclu...

Påverkade versioner: all

The WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the User-Agent Header in all versions up to, and including, 14.5.4 due to insufficient input sanitization and...

Hög CVE-2025-9816

WP Statistics <= 14.5.4 - Unauthenticated Stored Cross-Site Scripting via User-Agent Header

Påverkade versioner: <= 14.15.4

Medel CVE-2025-55716

WP Statistics <= 14.15 - Missing Authorization

Påverkade versioner: <= 14.15

Medel CVE-2025-3953

CVE-2025-3953: The WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'optionUpda...

Påverkade versioner: all

The WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'optionUpdater' function in all versions up to, and including, 14....

Medel CVE-2025-3953

WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin <= 14.13.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Update

Påverkade versioner: <= 14.13.3

Hög CVE-2024-2194

CVE-2024-2194: The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL search parameter in all versions up to, and including, 14.5 due to insufficient input sanitization an...

Påverkade versioner: all

The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL search parameter in all versions up to, and including, 14.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthe...

Hög CVE-2023-0955

CVE-2023-0955: The WP Statistics WordPress plugin before 14.0 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to ...

Påverkade versioner: < 14.0

The WP Statistics WordPress plugin before 14.0 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manage_options capability (admin+), ho...

Medel CVE-2021-4333

CVE-2021-4333: The WP Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 13.1.1. This is due to missing or incorrect nonce validation on the view() funct...

Påverkade versioner: <= 13.1.1

The WP Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 13.1.1. This is due to missing or incorrect nonce validation on the view() function. This makes it possible for unauthenticated attac...

Hög CVE-2022-4230

CVE-2022-4230: The WP Statistics WordPress plugin before 13.2.9 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available t...

Påverkade versioner: < 13.2.9

The WP Statistics WordPress plugin before 13.2.9 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manage_options capability (admin+),...

Medel CVE-2022-1005

CVE-2022-1005: The WP Statistics WordPress plugin before 13.2.2 does not sanitise the REQUEST_URI parameter before outputting it back in the rendered page, leading to Cross-Site Scripting (XSS) in web browsers wh...

Påverkade versioner: < 13.2.2

The WP Statistics WordPress plugin before 13.2.2 does not sanitise the REQUEST_URI parameter before outputting it back in the rendered page, leading to Cross-Site Scripting (XSS) in web browsers which do not encode characters

Medel CVE-2022-25307

CVE-2022-25307: The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the platform parameter found in the ~/includes/class-wp-statistics-hits.php...

Påverkade versioner: <= 13.1.5

The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the platform parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers to inject arbitrary web...

Medel CVE-2022-25306

CVE-2022-25306: The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the browser parameter found in the ~/includes/class-wp-statistics-visitor.p...

Påverkade versioner: <= 13.1.5

The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the browser parameter found in the ~/includes/class-wp-statistics-visitor.php file which allows attackers to inject arbitrary we...

Medel CVE-2022-25305

CVE-2022-25305: The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the IP parameter found in the ~/includes/class-wp-statistics-ip.php file wh...

Påverkade versioner: <= 13.1.5

The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the IP parameter found in the ~/includes/class-wp-statistics-ip.php file which allows attackers to inject arbitrary web scripts...

Hög CVE-2022-25149

CVE-2022-25149: The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the IP parameter found in the ~/includes/class-wp-statistics-hits.php file whi...

Påverkade versioner: <= 13.1.5

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the IP parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject...

Kritisk CVE-2022-25148

CVE-2022-25148: The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_id parameter found in the ~/includes/class-wp-statistics-hits...

Påverkade versioner: <= 13.1.5

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_id parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authenticati...

Hög CVE-2022-0651

CVE-2022-0651: The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_type parameter found in the ~/includes/class-wp-statistics-hi...

Påverkade versioner: <= 13.1.5

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_type parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentica...

Hög CVE-2022-0513

CVE-2022-0513: The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the exclusion_reason parameter found in the ~/includes/class-wp-statistics-exc...

Påverkade versioner: <= 13.1.4

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the exclusion_reason parameter found in the ~/includes/class-wp-statistics-exclusion.php file which allows attackers without authen...

Hög CVE-2021-24340

CVE-2021-24340: The WP Statistics WordPress plugin before 13.0.8 relied on using the WordPress esc_sql() function on a field not delimited by quotes and did not first prepare the query. Additionally, the page, whi...

Påverkade versioner: < 13.0.8

The WP Statistics WordPress plugin before 13.0.8 relied on using the WordPress esc_sql() function on a field not delimited by quotes and did not first prepare the query. Additionally, the page, which should have been accessible to administrator only,...

Låg CVE-2019-12566

CVE-2019-12566: The WP Statistics plugin through 12.6.5 for Wordpress has stored XSS in includes/class-wp-statistics-pages.php. This is related to an account with the Editor role creating a post with a title that ...

Påverkade versioner: <= 12.6.5

The WP Statistics plugin through 12.6.5 for Wordpress has stored XSS in includes/class-wp-statistics-pages.php. This is related to an account with the Editor role creating a post with a title that contains JavaScript, to attack an admin user.

Medel CVE-2019-10864

CVE-2019-10864: The WP Statistics plugin through 12.6.2 for WordPress has XSS, allowing a remote attacker to inject arbitrary web script or HTML via the Referer header of a GET request.

Påverkade versioner: <= 12.6.2

The WP Statistics plugin through 12.6.2 for WordPress has XSS, allowing a remote attacker to inject arbitrary web script or HTML via the Referer header of a GET request.

Medel CVE-2017-10991

CVE-2017-10991: The WP Statistics plugin through 12.0.9 for WordPress has XSS in the rangestart and rangeend parameters on the wps_referrers_page page.

Påverkade versioner: <= 12.0.9

The WP Statistics plugin through 12.0.9 for WordPress has XSS in the rangestart and rangeend parameters on the wps_referrers_page page.

Så skyddar du din sajt

Sårbarheter i tillägg är den vanligaste attackytan för WordPress-sajter. Det bästa skyddet är att vara proaktiv — här är tre konkreta steg.

Håll tillägget uppdaterat

De flesta sårbarheter i WP Statistics – Simple, privacy-friendly Google Analytics alternative åtgärdas snabbt av utvecklarna. Uppdatera alltid till senaste versionen.

Ta bort oanvända tillägg

Varje tillägg är en potentiell attackyta. Avinstallera det du inte aktivt använder.

Bevaka automatiskt

Med löpande övervakning upptäcker du problem innan de blir allvarliga.

Vill du slippa hålla koll själv? Med ett supportavtal från Sitesupport sköter vi uppdateringar och säkerhet åt dig.

Vanliga frågor om WP Statistics – Simple, privacy-friendly Google Analytics alternative

WP Statistics – Simple, privacy-friendly Google Analytics alternative har 21 kända sårbarheter, varav 10 med hög eller kritisk allvarlighetsgrad. Det betyder inte nödvändigtvis att tillägget är osäkert — de flesta sårbarheter åtgärdas i nya versioner. Det viktigaste är att alltid köra den senaste versionen.
Det enklaste sättet är att köra ett gratis test av din hemsida på sitesupport.co. Testet kontrollerar vilka tillägg du använder och vilka versioner som är installerade, och jämför det mot kända sårbarheter.
Uppdatera till den senaste versionen så snart som möjligt. Om det inte finns en uppdatering som åtgärdar problemet bör du överväga att tillfälligt inaktivera tillägget, särskilt om sårbarheten har kritisk eller hög allvarlighetsgrad.
WP Statistics – Simple, privacy-friendly Google Analytics alternative har över 600 000 aktiva installationer på WordPress.org och ett betyg på 4.1 av 5. Populära tillägg har generellt bättre säkerhetsrutiner tack vare större community och fler ögon på koden.

Andra tillägg med kända sårbarheter

Royal Addons for Elementor – Addons and Templates Kit for Elementor
59 sårbarheter
Ninja Forms – The Contact Form Builder That Grows With You
58 sårbarheter
Booking Calendar
56 sårbarheter
Newsletter – Send awesome emails from WordPress
56 sårbarheter
Elementor Website Builder – More Than Just a Page Builder
55 sårbarheter
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
54 sårbarheter

Hur mår din hemsida?

Kör ett gratis test och se hur din sajt presterar inom SEO, säkerhet, prestanda och tillgänglighet — på under en minut.

Testa gratis

Inget konto krävs