cleantalk
Vulnerabilities and Security Researches

Burst Statistics – Privacy-Friendly Analytics for WordPress, CVE-2023-5761

CVE, Research URL

CVE-2023-5761

Home page URL

Security reports for Burst Statistics – Privacy-Friendly Analytics for WordPress

Application

Burst Statistics – Privacy-Friendly Analytics for WordPress

Published on
Dec 07, 2023
Research Description
The Burst Statistics – Privacy-Friendly Analytics for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'url' parameter in versions 1.4.0 to 1.4.6.1 (free) and versions 1.4.0 to 1.5.0 (pro) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions
Min -, max 1.5.0.
Status
vulnerable
Previous vulnerability researches
Burst Statistics – Privacy-Friendly Analytics for WordPress (CVE-2023-5761) , Jun 06, 2024
Burst Statistics – Privacy-Friendly Analytics for WordPress (CVE-2024-1894) , Jun 06, 2024
Burst Statistics – Privacy-Friendly Analytics for WordPress (CVE-2024-0405) , Jun 06, 2024
Burst Statistics – Privacy-Friendly Analytics for WordPress (CVE-2025-53193) , Jul 03, 2025
New vulnerability
CSV Importer Improved (CVE-2025-50013) , Jul 04, 2025
WooCommerce PDF Invoice Builder, Create invoices, packing slips and more (CVE-2025-53203) , Jul 04, 2025
Infility Global (CVE-2025-52774) , Jul 04, 2025
Additional Order Filters for WooCommerce (CVE-2025-53271) , Jul 04, 2025
Aviation Weather from NOAA (CVE-2025-28980) , Jul 04, 2025