WordPress Plugin Vulnerabilities

WP Statistics < 13.1.5 - Unauthenticated Blind SQL Injection

Description

The plugin is vulnerable to unauthenticated SQL Injection via the exclusion_reason parameter due to missing parameterization and escaping in the SQL query found on line 88 of the /includes/class-wp-statistics-exclusion.php file when the Record Exclusions feature is enabled.

Proof of Concept

Affects Plugins

Plugin icon
wp-statistics
Fixed in 13.1.5

References

CVE
CVE-2022-0513
URL
https://www.wordfence.com/blog/2022/02/unauthenticated-sql-injection-vulnerability-patched-in-wordpress-statistics-plugin/

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
9.8 (critical)

Miscellaneous

Original Researcher
Cyku Hong from DEVCORE
Submitter
Chloe Chamberland
Submitter website
https://wordfence.com
Submitter twitter
infosecchloe
Verified
Yes
WPVDB ID
ea624361-1df8-4b30-88ef-e97e9798490b

Timeline

Publicly Published
2022-02-10 (about 4 years ago)
Added
2022-02-10 (about 4 years ago)
Last Updated
2022-04-08 (about 4 years ago)

Other

Published
Title
Published
2024-09-26
Title
WPExperts Square For GiveWP < 1.3.2 - Subscriber+ SQL Injection
Published
2025-01-23
Title
Form Builder CP < 1.2.42 - Authenticated (Contributor+) SQL Injection
Published
2021-07-23
Title
Alipay <= 3.7.2 - Authenticated SQL Injection
Published
2025-01-09
Title
AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) < 2.6 - Authenticated (Contributor+) SQL Injection
Published
2024-03-13
Title
Automatic < 3.92.1 - Unauthenticated SQL Injection