WordPress WP Statistics Plugin <= 13.2.10 is vulnerable to SQL Injection
CVE-2022-38074
9.9CRITICAL
Summary
The WP Statistics plugin by VeronaLabs, specifically versions up to 13.2.10, is prone to an SQL Injection vulnerability. This flaw allows attackers to manipulate SQL queries, potentially leading to unauthorized access to sensitive data within the database. Users of the plugin should ensure they update to the latest version to mitigate risks associated with this security issue.
Affected Version(s)
WP Statistics <= 13.2.10
References
CVSS V3.1
Score:
9.9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Rafie Muhammad (Patchstack)