CVE-2022-25148

EUVD-2022-29891
The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_id parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 13.1.5.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
WordfenceCNA
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 97%
Affected Products (NVD)
VendorProductVersion
veronalabswp_statistics
𝑥
≤ 13.1.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/174482/WordPress-WP-Statistics-13.1.5-SQL-Injection.html
https://gist.github.com/Xib3rR4dAr/5dbd58b7f57a5037fe461fba8e696042
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2679983%40wp-statistics&new=2679983%40wp-statistics&sfp_email=&sfph_mail=
https://www.wordfence.com/vulnerability-advisories/#CVE-2022-25148
http://packetstormsecurity.com/files/174482/WordPress-WP-Statistics-13.1.5-SQL-Injection.html
https://gist.github.com/Xib3rR4dAr/5dbd58b7f57a5037fe461fba8e696042
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2679983%40wp-statistics&new=2679983%40wp-statistics&sfp_email=&sfph_mail=
https://www.wordfence.com/vulnerability-advisories/#CVE-2022-25148