Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

WP Statistics — Vulnerabilities & Security Advisories 9

Browse all 9 CVE security advisories affecting WP Statistics. AI-powered Chinese analysis, POCs, and references for each vulnerability.

WP Statistics is a WordPress plugin for tracking website traffic and analytics with over 1 million active installations. Historically, it has been susceptible to multiple remote code execution (RCE) vulnerabilities, cross-site scripting (XSS) flaws, and privilege escalation issues, accounting for its 9 recorded CVEs. The plugin's security posture has been compromised through insufficient input validation and improper access controls, leading to several high-severity incidents. In 2023, critical RCE vulnerabilities allowed attackers to execute arbitrary code with minimal user interaction, highlighting ongoing security challenges. Despite its popularity, the plugin's track record demonstrates recurring issues in sanitizing user inputs and implementing secure authentication mechanisms, making it a persistent target for exploitation.

Top products by WP Statistics: WP Statistics
CVE IDTitleCVSSSeverityPublished
CVE-2022-25307 WP Statistics <= 13.1.5 Unauthenticated Stored Cross-Site Scripting via platform — WP StatisticsCWE-79 7.2 High2022-02-24
CVE-2022-25305 WP Statistics <= 13.1.5 Unauthenticated Stored Cross-Site Scripting via IP — WP StatisticsCWE-79 7.2 High2022-02-24
CVE-2022-25306 WP Statistics <= 13.1.5 Unauthenticated Stored Cross-Site Scripting via browser — WP StatisticsCWE-79 7.2 High2022-02-24
CVE-2022-25149 WP Statistics <= 13.1.5 Unauthenticated Blind SQL Injection via IP — WP StatisticsCWE-89 9.8 Critical2022-02-24
CVE-2022-0651 WP Statistics <= 13.1.5 Unauthenticated Blind SQL Injection via current_page_type — WP StatisticsCWE-89 9.8 Critical2022-02-24
CVE-2022-25148 WP Statistics <= 13.1.5 Unauthenticated Blind SQL Injection via current_page_id — WP StatisticsCWE-89 9.8 Critical2022-02-24
CVE-2017-2135 WordPress WP Statistics 跨站脚本漏洞 — WP Statistics 6.1 -2017-04-28
CVE-2017-2136 WordPress WP Statistics 跨站脚本漏洞 — WP Statistics 6.1 -2017-04-28
CVE-2017-2147 WordPress WP Statistics 跨站脚本漏洞 — WP Statistics 6.1 -2017-04-28

This page lists every published CVE security advisory associated with WP Statistics. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.