CVEFinder.io

CVE-2022-27231

🔶 medium
πŸ” Scan for this CVE
Summary

Cross-site scripting vulnerability exists in WP Statistics versions prior to 13.2.0 because it improperly processes a platform parameter. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the website using the product.

CVSS Score: 6.1 (Medium)
EPSS Score: 0.3 (Exploit Probability)
Published Date: 2022-06-13
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 39.1% of all 313,973 vulnerabilities in our database.

#191,305
Below average severity
Severity Percentile
Last Modified: 2024-11-21
CVSS Vector (3.1): CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CWE IDs (Weakness Types)

📦 Affected Products (1)

🔗 References (3)

https://jvn.jp/en/jp/JVN15241647/index.html
Release Notes Third Party Advisory

🔗 Related CVEs (6)

| CVE ID | Severity | CVSS | EPSS | Summary | Published |
|---|---|---|---|---|---|
| CVE-2025-55716 | 🔶 medium | - | 0.0 | Missing Authorization vulnerability in VeronaLabs WP Statistics wp-statistics allows Exploiting Incorrectly Configured A... | 2025-08-14 |
| CVE-2023-0955 | ⚠️ high | 8.8 | 0.7 | The WP Statistics WordPress plugin before 14.0 does not escape a parameter, which could allow authenticated users to per... | 2023-03-27 |
| CVE-2022-38074 | ⛔ critical | 9.9 | 0.5 | SQL Injection vulnerability in VeronaLabs WP Statistics plugin <= 13.2.10 versions. | 2023-03-13 |
| CVE-2021-4333 | 🔶 medium | 6.5 | 0.1 | The WP Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 13.... | 2023-03-07 |
| CVE-2022-4230 | ⚠️ high | 8.8 | 9.3 | The WP Statistics WordPress plugin before 13.2.9 does not escape a parameter, which could allow authenticated users to p... | 2023-01-23 |
| CVE-2022-1005 | 🔶 medium | 6.1 | 0.3 | The WP Statistics WordPress plugin before 13.2.2 does not sanitise the REQUEST_URI parameter before outputting it back i... | 2022-06-08 |
These CVEs affect the same products