CVE-2022-1005

🔶 medium

Summary

The WP Statistics WordPress plugin before 13.2.2 does not sanitise the REQUEST_URI parameter before outputting it back in the rendered page, leading to Cross-Site Scripting (XSS) in web browsers which do not encode characters

CVSS Score

6.1

Medium

EPSS Score

0.3

Exploit Probability

Published Date

2022-06-08

First Seen: 2026-01-05

📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 39.1% of all 313,973 vulnerabilities in our database.

#191,305

Below average severity

Severity Percentile

Last Modified 2024-11-21

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE IDs (Weakness Types)

CWE-79

📦 Affected Products 1

Vendor	Product	Status	Affected Versions
veronalabs	wp_statistics	Affected	< 13.2.2

🔗 References 1

https://wpscan.com/vulnerability/f37d1d55-10cc-4202-...

Exploit Third Party Advisory

🔗 Related CVEs 6

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2025-55716	🔶 medium	-	0.0	Missing Authorization vulnerability in VeronaLabs WP Statistics wp-statistics allows Exploiting Incorrectly Configured A...	2025-08-14
CVE-2023-0955	⚠️ high	8.8	0.7	The WP Statistics WordPress plugin before 14.0 does not escape a parameter, which could allow authenticated users to per...	2023-03-27
CVE-2022-38074	⛔ critical	9.9	0.5	SQL Injection vulnerability in VeronaLabs WP Statistics plugin <= 13.2.10 versions.	2023-03-13
CVE-2021-4333	🔶 medium	6.5	0.1	The WP Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 13....	2023-03-07
CVE-2022-4230	⚠️ high	8.8	9.3	The WP Statistics WordPress plugin before 13.2.9 does not escape a parameter, which could allow authenticated users to p...	2023-01-23
CVE-2022-27231	🔶 medium	6.1	0.3	Cross-site scripting vulnerability exists in WP Statistics versions prior to 13.2.0 because it improperly processes a pl...	2022-06-13

These CVEs affect the same products