CVEFinder.io

CVE-2025-55716

πŸ”Ά medium
πŸ” Scan for this CVE
Summary

Missing Authorization vulnerability in VeronaLabs WP Statistics wp-statistics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Statistics: from n/a through <= 14.15.

CVSS Score
-
EPSS Score
0.0
Exploit Probability
Published Date
2025-08-14
First Seen: 2026-01-05
🎯 CISA SSVC Assessment Updated: Aug 15, 2025
πŸ” Exploitation Status
None
No known exploits
βš™οΈ Automatable
NO
Requires human interaction
πŸ’₯ Technical Impact
Partial
Limited system impact
πŸ† Discovered By
Denver Jackson | Patchstack Bug Bounty Program
SSVC data provided by CISA
Last Modified 2026-04-01
Source NVD πŸ”—
CWE IDs (Weakness Types)
CWE-862

πŸ“¦ Affected Products 1

Vendor Product Status Affected Versions
veronalabs wp_statistics Affected
≤ 14.15

πŸ”— References 1

https://patchstack.com/database/Wordpress/Plugin/wp-...

πŸ”— Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2023-0955 ⚠️ high 8.8 0.7 The WP Statistics WordPress plugin before 14.0 does not escape a parameter, which could allow authenticated users to per... 2023-03-27
CVE-2022-38074 β›” critical 9.9 0.5 SQL Injection vulnerability in VeronaLabs WP Statistics pluginΒ <= 13.2.10 versions. 2023-03-13
CVE-2021-4333 πŸ”Ά medium 6.5 0.1 The WP Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 13.... 2023-03-07
CVE-2022-4230 ⚠️ high 8.8 9.3 The WP Statistics WordPress plugin before 13.2.9 does not escape a parameter, which could allow authenticated users to p... 2023-01-23
CVE-2022-27231 πŸ”Ά medium 6.1 0.3 Cross-site scripting vulnerability exists in WP Statistics versions prior to 13.2.0 because it improperly processes a pl... 2022-06-13
CVE-2022-1005 πŸ”Ά medium 6.1 0.3 The WP Statistics WordPress plugin before 13.2.2 does not sanitise the REQUEST_URI parameter before outputting it back i... 2022-06-08
These CVEs affect the same products