CVE-2022-4230
WP Statistics < 13.2.9 - Authenticated SQLi
The WP Statistics WordPress plugin before 13.2.9 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manage_options capability (admin+), however the plugin has a settings to allow low privilege users to access it as well.
We have discovered 13,313 live websites that are affected by CVE-2022-4230.
Affected Software
| Product | |
| Category | Wordpress Plugins |
| Vulnerable Versions |
|
| Total Vulnerable Versions | 83 |
| Vulnerable Domains | 13,313 live websites (7.35% of WP Statistics install base) |
Common Weakness Enumeration
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2022-4230 and the relative popularity of websitesDetails
- Published - Jan 23, 2023
Credits
- Jordy Versmissen (finder)
- WPScan (coordinator)
CWE
CVE References
CWE References
Countries
 United States | 1,823 websites |
 Germany | 2,705 websites |
 France | 987 websites |
 Iran | 697 websites |
 Japan | 610 websites |
 Italy | 493 websites |
 Netherlands | 477 websites |
 Poland | 460 websites |
 GB | 353 websites |
 Spain | 324 websites |
TLDs
| .com | 4,120 websites |
| .de | 1,874 websites |
| .org | 696 websites |
| .fr | 446 websites |
| .net | 364 websites |
| .nl | 364 websites |
| .pl | 346 websites |
| .it | 319 websites |
| .at | 208 websites |
| .eu | 203 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redGeographical Distribution
The distribution of websites across the globe that are exposed to CVE-2022-4230 through included software libraries and plugins.Websites affected by CVE-2022-4230
Top websites that are affected by CVE-2022-4230. Please click on the "Contact us" button above to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ********.com | United States | *,*** | |
| ************.***.in |  India | **,*** | |
| ***.***********.fr | France | **,*** | |
| *************.***.ua |  Ukraine | **,*** | |
| *****.*******.*********.com | United States | **,*** | |
| ***.************.com | United States | **,*** | |
| ***.***********.com | United States | **,*** | |
| ***.***********.at |  Austria | **,*** | |
| ***.**********.**.il |  Israel | **,*** | |
| **.******.org | Netherlands | **,*** |