Описание
The WP Statistics WordPress plugin before 13.2.9 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manage_options capability (admin+), however the plugin has a settings to allow low privilege users to access it as well.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 13.2.9 (исключая)
cpe:2.3:a:veronalabs:wp_statistics:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 93%
0.09295
Низкий
8.8 High
CVSS3
Дефекты
CWE-89
Связанные уязвимости
CVSS3: 8.8
github
около 3 лет назад
The WP Statistics WordPress plugin before 13.2.9 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manage_options capability (admin+), however the plugin has a settings to allow low privilege users to access it as well.
EPSS
Процентиль: 93%
0.09295
Низкий
8.8 High
CVSS3
Дефекты
CWE-89