QwikSec

Security Database

CVE

CWE

Training

CVE-2021-24340

Published: Jun 7, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

The WP Statistics WordPress plugin before 13.0.8 relied on using the WordPress esc_sql() function on a field not delimited by quotes and did not first prepare the query. Additionally, the page, which should have been accessible to administrator only, was also available to any visitor, including unauthenticated ones.

Vendor	Product	Versions
VeronaLabs	WP Statistics	affected `13.0.8 - < 13.0.8`

Weaknesses (CWE)

References

https://wpscan.com/vulnerability/d2970cfb-0aa9-4516-9a4b-32971f41a19c

x_refsource_CONFIRM

https://www.wordfence.com/blog/2021/05/over-600000-sites-impacted-by-wp-statistics-patch/

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.