Headline
CVE-2022-38074: WordPress WP Statistics plugin <= 13.2.10 - Multiple Authenticated SQL Injection vulnerabilities - Patchstack
SQL Injection vulnerability in VeronaLabs WP Statistics plugin <= 13.2.10 versions.
Solution
Update the WordPress WP Statistics plugin to the latest available version (at least 13.2.11).
Rafie Muhammad (Patchstack) discovered and reported this SQL Injection vulnerability in WordPress WP Statistics Plugin. This could allow a malicious actor to directly interact with your database, including but not limited to stealing information and creating new administrator accounts. This vulnerability has been fixed in version 13.2.11.
22 other known vulnerabilities for this pluginTo plugin page
Report to Patchstack Alliance bounty platform and earn monthly cash prizes.
Learn more