An issue was discovered in the VeronaLabs wp-statistics plugin before 12.6.7 for WordPress. The v1/hit endpoint of the API, when the non-default "use cache plugin" setting is enabled, is vulnerable to unauthenticated blind SQL Injection.
References
Link | Resource |
---|---|
https://wpvulndb.com/vulnerabilities/9412 | Exploit Third Party Advisory |
https://github.com/wp-statistics/wp-statistics/commit/bd46721b97794a1b1520e24ff5023b6da738dd75 | Patch Third Party Advisory |
https://wordpress.org/plugins/wp-statistics/#developers | Product Third Party Advisory |
Configurations
Information
Published : 2019-07-04 12:15
Updated : 2019-07-10 06:50
NVD link : CVE-2019-13275
Mitre link : CVE-2019-13275
JSON object : View
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Products Affected
veronalabs
- wp_statistics