The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the exclusion_reason parameter found in the ~/includes/class-wp-statistics-exclusion.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 13.1.4. This requires the "Record Exclusions" option to be enabled on the vulnerable site.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2022-02-16T16:38:03
Updated: 2024-08-02T23:32:45.879Z
Reserved: 2022-02-07T00:00:00
Link: CVE-2022-0513
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-02-16T17:15:11.503
Modified: 2024-11-21T06:38:48.850
Link: CVE-2022-0513
Redhat
No data.