CVE-2022-25149

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the IP parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 13.1.5.

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the IP parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 13.1.5.

El plugin WP Statistics de WordPress es vulnerable a una inyección SQL debido a un escape y parametrización insuficientes del parámetro IP encontrado en el archivo ~/includes/class-wp-statistics-hits.php que permite a atacantes no autenticados inyectar consultas SQL arbitrarias para obtener información confidencial, en versiones hasta la 13.1.5 incluyéndola