Security for everyone

CVE-2022-0651 Scanner

Detects the 'SQL Injection' vulnerability in the WordPress WP Statistics plugin, which affects versions up to and including 13.1.5.


Short Info

Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 sec
Scan only one: Domain, IPv4
Toolbox: -

WP Statistics is a powerful WordPress plugin developed by VeronaLabs, designed for gathering and analyzing website statistics. It offers comprehensive insights into site visits, visitor locations, page views, and search engine referrals. This plugin is widely utilized by WordPress site owners to monitor traffic patterns, optimize content, and enhance user engagement. Its ease of use and detailed reporting capabilities make it an essential tool for website analytics.

The vulnerability stems from the plugin's inadequate sanitization and parameterization of user input, specifically the current_page_type parameter handled in the ~/includes/class-wp-statistics-hits.php file. By crafting malicious requests to the WP Statistics REST API, attackers can manipulate the SQL queries the plugin executes. This exposes the website to various SQL Injection attacks and highlights the need for strict input validation and the use of prepared statements in database operations.
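An added illustration of the two mitigations named above (strict input validation and prepared statements), not code from the WP Statistics plugin or from this page. It uses Python's sqlite3 rather than the plugin's PHP, and the table, the function names and the allowlist of page types are assumptions.

```python
import sqlite3

# Assumed allowlist: the page does not list the plugin's valid page types.
ALLOWED_PAGE_TYPES = frozenset({"home", "post", "page", "category", "search", "404"})

def make_demo_db():
    """Constructed stand-in for a hits table; not the plugin's schema."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE hits (type TEXT, uri TEXT, count INTEGER)")
    db.executemany("INSERT INTO hits VALUES (?, ?, ?)",
                   [("post", "/hello-world", 3), ("page", "/about", 7)])
    return db

def hits_concatenated(db, current_page_type):
    """Weak pattern: the request value becomes part of the SQL text."""
    sql = ("SELECT COALESCE(SUM(count), 0) FROM hits WHERE type = '"
           + current_page_type + "'")
    return db.execute(sql).fetchone()[0]

def hits_parameterized(db, current_page_type):
    """Prepared statement: the value is bound as data, never parsed as SQL."""
    sql = "SELECT COALESCE(SUM(count), 0) FROM hits WHERE type = ?"
    return db.execute(sql, (current_page_type,)).fetchone()[0]

def hits_hardened(db, current_page_type):
    """Strict validation first, then the prepared statement."""
    if (not isinstance(current_page_type, str)
            or current_page_type not in ALLOWED_PAGE_TYPES):
        raise ValueError("unexpected current_page_type")
    return hits_parameterized(db, current_page_type)

def reaches_sql_parser(db, value):
    """True when the concatenated query lets `value` alter the statement's syntax."""
    try:
        hits_concatenated(db, value)
    except sqlite3.OperationalError:
        return True
    return False

if __name__ == "__main__":
    db = make_demo_db()
    probe = "post'"  # constructed input: one stray quote, nothing else
    print("concatenated query broken by input:", reaches_sql_parser(db, probe))
    print("parameterized query treats it as data:", hits_parameterized(db, probe))
    print("hardened lookup for a valid type:", hits_hardened(db, "post"))
```

A stray quote breaking the concatenated statement is the signal that request data is being parsed as SQL; the bound parameter returns zero rows for the same input, and the allowlist rejects it before any query runs.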

Exploiting this vulnerability could allow attackers to access sensitive data stored in the WordPress database, including user credentials, personal information, and website content. Additionally, attackers could leverage this flaw to modify or delete data, disrupt website operations, and potentially gain unauthorized administrative access. The severity of the impact underscores the critical need for immediate remediation measures.

By subscribing to the securityforeveryone platform, users gain access to advanced security scanning solutions that can detect vulnerabilities like CVE-2022-0651 in the WP Statistics plugin. Our service provides detailed vulnerability assessments, real-time monitoring, and actionable recommendations to enhance your cybersecurity posture. Membership benefits include prioritized remediation guidance, support from security experts, and comprehensive tools to protect your digital assets from emerging threats.

 
