cleantalk
Vulnerabilities and Security Researches

WP Statistics, CVE-2021-24340

CVE, Research URL

CVE-2021-24340

Home page URL

Security reports for WP Statistics

Application

WP Statistics

Published on
Jun 07, 2021
Research Description
The WP Statistics WordPress plugin before 13.0.8 relied on using the WordPress esc_sql() function on a field not delimited by quotes and did not first prepare the query. Additionally, the page, which should have been accessible to administrator only, was also available to any visitor, including unauthenticated ones.
Affected versions
Min -, max 13.0.8.
Status
vulnerable
Previous vulnerability researches
WP Statistics (CVE-2022-25149) , Jun 07, 2024
WP Statistics (CVE-2022-25307) , Jun 07, 2024
WP Statistics (CVE-2022-0513) , Jun 07, 2024
WP Statistics (CVE-2017-18515) , Jun 07, 2024
WP Statistics (CVE-2019-12566) , Jun 07, 2024
New vulnerability
WP Statistics (CVE-2025-3953) , May 01, 2025
Calculated Fields Form (CVE-2024-12273) , May 01, 2025
Admin and Site Enhancements (ASE) (CVE-2024-13688) , Apr 30, 2025
WordPress Simple Shopping Cart (CVE-2025-3529) , Apr 30, 2025
SecuPress Free — WordPress Security (CVE-2025-3452) , Apr 30, 2025