CVE-2022-38074
WordPress WP Statistics Plugin <= 13.2.10 is vulnerable to SQL InjectionSQL Injection vulnerability in VeronaLabs WP Statistics plugin <= 13.2.10 versions.
We have discovered 37,576 live websites that are affected by CVE-2022-38074.
Affected Software
| Product | |
| Category | Wordpress Plugins |
| Vulnerable Domains | 37,576 live websites (21.03% of WP Statistics install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 62 versions ( 50.00% of all versions) |
Common Weakness Enumeration
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')Details
- Published - Mar 13, 2023
- Updated - Jan 8, 2025
Credits
- Rafie Muhammad (Patchstack) (finder)
CWE
CVE References
CWE References
CVE-2022-38074 usage by Country
 United States | 6,766 websites |
 Germany | 6,900 websites |
 France | 3,399 websites |
 Japan | 2,162 websites |
 Iran | 2,133 websites |
 Poland | 1,414 websites |
 Netherlands | 1,083 websites |
 Russia | 992 websites |
 Vietnam | 934 websites |
 GB | 793 websites |
CVE-2022-38074 usage by TLD
| .com | 13,071 websites |
| .de | 3,887 websites |
| .org | 1,526 websites |
| .fr | 1,426 websites |
| .net | 1,140 websites |
| .pl | 1,105 websites |
| .nl | 940 websites |
| .ru | 761 websites |
| .ch | 589 websites |
| .it | 560 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2022-38074
Top websites that are affected by CVE-2022-38074. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ********.com | United States | *,*** | |
| ***********.fr | France | **,*** | |
| ******.pl | Poland | **,*** | |
| *********.com | United States | **,*** | |
| **********************.com | United States | **,*** | |
| ***************.com | Poland | **,*** | |
| ***.**.th |  Thailand | **,*** | |
| *******.tk | United States | ***,*** | |
| ******.*******.pl | Poland | ***,*** | |
| **********.com | United States | ***,*** |
FAQ
CVE-2022-38074 is Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in WP Statistics
A total of 37,576 websites have been identified as vulnerable to CVE-2022-38074, discovered through global website indexing conducted by WebTechSurvey.
WP Statistics is susceptible to CVE-2022-38074 vulnerability.
WP Statistics versions before, and including, 13.2.10 are vulnerable to CVE-2022-38074.