CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18515 – WP Statistics <= 12.0.7 - Authenticated SQL Injection
https://notcve.org/view.php?id=CVE-2017-18515
30 Jun 2017 — The wp-statistics plugin before 12.0.8 for WordPress has SQL injection. El plugin wp-statistics versiones anteriores a 12.0.8 para WordPress, presenta una inyección SQL. • https://wordpress.org/plugins/wp-statistics/#developers • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2147
https://notcve.org/view.php?id=CVE-2017-2147
28 Apr 2017 — Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en WP Statistics version 12.0.4 y anteriores, que permitiría a un atacante remoto inyectar secuencia de comandos web o HTML arbitrarios a través de vectores no especificados • http://jvn.jp/en/jp/JVN77253951/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2135
https://notcve.org/view.php?id=CVE-2017-2135
28 Apr 2017 — Cross-site scripting vulnerability in WP Statistics version 12.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de Cross-Site Scripting en WP Statistics versión 12.0.1 y anteriores permite a los atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://jvn.jp/en/jp/JVN17633442/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-2136 – WP Statistics <= 12.0.4 - Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-2136
13 Apr 2017 — Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers. Vulnerabilidad de Cross-Site Scripting en WP Statistics versión 12.0.1 y anteriores permite a los atacantes remotos inyectar secuencias de comandos web o HTML a través de encabezados HTTP Referer especialmente diseñados. • http://jvn.jp/en/jp/JVN62392065/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •