Veronalabs » Wp Statistics : Security Vulnerabilities, CVEs, Published In 2019 (Sql injection)
An issue was discovered in the VeronaLabs wp-statistics plugin before 12.6.7 for WordPress. The v1/hit endpoint of the API, when the non-default "use cache plugin" setting is enabled, is vulnerable to unauthenticated blind SQL Injection.
Max CVSS
9.8
EPSS Score
0.25%
Published
2019-07-04
Updated
2019-07-10
The wp-statistics plugin before 12.0.8 for WordPress has SQL injection.
Max CVSS
9.8
EPSS Score
0.14%
Published
2019-08-14
Updated
2019-08-16
2 vulnerabilities found