Vulnerabilities in veronalabs
39 resultsCVE-2024-2194HIGHWP Statistics <= 14.5 - Unauthenticated Stored Cross-Site ScriptingEPSS 67.7%CVE-2022-0513CRITICALWP Statistics <= 13.1.4 Unauthenticated Blind SQL Injection via exclusion_reasonEPSS 53.6%CVE-2021-24340—WP Statistics < 13.0.8 - Unauthenticated SQL InjectionEPSS 26.9%CVE-2025-9816HIGHWP Statistics <= 14.5.4 - Unauthenticated Stored Cross-Site Scripting via User-Agent HeaderEPSS 9.1%CVE-2022-27231—Cross-site scripting vulnerability exists in WP Statistics versions prior to 13.2.0 because it improperly processes a platform parameter. ByEPSS 1.0%CVE-2023-4598HIGHSlimstat Analytics <= 5.0.9 - Authenticated (Contributor+) Blind SQL Injection via ShortcodeEPSS 0.9%CVE-2022-38074CRITICALWordPress WP Statistics Plugin <= 13.2.10 is vulnerable to SQL InjectionEPSS 0.7%CVE-2023-4597MEDIUMSlimstat Analytics <= 5.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via ShortcodeEPSS 0.6%CVE-2023-27447MEDIUMWordPress WP SMS Plugin <= 6.0.4 is vulnerable to Sensitive Data ExposureEPSS 0.5%CVE-2024-9548HIGHSlimstat Analytics <= 5.2.6 - Unauthenticated Stored Cross-Site ScriptingEPSS 0.5%CVE-2023-33994MEDIUMWordPress Slimstat Analytics plugin <= 5.0.5.1 - Broken Access Control vulnerabilityEPSS 0.5%CVE-2026-5231HIGHWP Statistics <= 14.16.4 - Unauthenticated Stored Cross-Site Scripting via 'utm_source' ParameterEPSS 0.5%CVE-2024-1073MEDIUMSlimStat Analytics <= 5.1.3 - Authenticated (Subscriber+) Stored Cross-Site ScriptingEPSS 0.5%CVE-2026-7634HIGHSlimStat Analytics <= 5.4.11 - Unauthenticated Stored Cross-Site Scripting via User-Agent HeaderEPSS 0.4%CVE-2024-34811MEDIUMWordPress WP SMS plugin <= 6.5.1 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.4%CVE-2023-6981MEDIUMWP SMS <= 6.5 - Authenticated (Admin+) SQL Injection to Reflected Cross-Site ScriptingEPSS 0.4%CVE-2023-32742HIGHWordPress WP SMS Plugin <= 6.1.4 is vulnerable to Cross Site Scripting (XSS)EPSS 0.4%CVE-2025-14151HIGHSlimStat Analytics <= 5.3.2 - Unauthenticated Stored Cross-Site ScriptingEPSS 0.4%CVE-2021-4333MEDIUMWP Statistics <= 13.1.1 - Cross-Site Request Forgery to Arbitrary Plugin Activation and DeactivationEPSS 0.4%CVE-2024-24881HIGHWordPress WP SMS Plugin <= 6.5.2 is vulnerable to Cross Site Scripting (XSS)EPSS 0.4%