CVE-2023-0955

WP Statistics < 14.0 - Authenticated SQLi

The WP Statistics WordPress plugin before 14.0 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manage_options capability (admin+), however the plugin has a settings to allow low privilege users to access it as well.

We have discovered 20,339 live websites that are affected by CVE-2023-0955.

Affected Software


Product	WP Statistics
Category	Wordpress Plugins
Vulnerable Versions	from 0 before 14
Total Vulnerable Versions	83
Vulnerable Domains	20,339 live websites (11.23% of WP Statistics install base)

Common Weakness Enumeration

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Distribution by Website Rank

The diagram provides a graphic representation of the correlation between the occurrence of CVE-2023-0955 and the relative popularity of websites

Available Reports

Website List

Details

Published - Mar 27, 2023
Updated - Mar 27, 2023

Credits

Erwan LR (WPScan) (finder)
WPScan (coordinator)

CWE

CWE-89

CVE References

CWE References

cwe.mitre.org

Countries

United States	3,234 websites

Germany	4,029 websites
France	1,637 websites
Iran	1,066 websites
Japan	837 websites
Poland	776 websites
Netherlands	731 websites
Italy	725 websites
GB	519 websites
Spain	467 websites

TLDs

.com	6,526 websites
.de	2,832 websites
.org	996 websites
.fr	814 websites
.pl	578 websites
.nl	578 websites
.net	559 websites
.it	471 websites
.eu	294 websites
.at	293 websites

Vulnerable Versions

Vulnerable versions are highlighted in red

Geographical Distribution

The distribution of websites across the globe that are exposed to CVE-2023-0955 through included software libraries and plugins.

References

https://wpscan.com/vulnerability/18b7e93f-b038-4f28-918b-4015d62f0eb8

Websites affected by CVE-2023-0955

Top websites that are affected by CVE-2023-0955. Please click on the "Contact us" button above to get more information.

Domain	Country	Rank
********.com	United States	,**
**********.*.in	India	,*
*.*********.fr	France	,*
****.org	Australia	,*
***********.*.ua	Ukraine	,*
***.***.*******.com	United States	,*
*.**********.com	United States	,*
*.*********.com	United States	,*
*.*********.at	Austria	,*
*.******..il	Israel	,*

See full domain list

Domain	Country	Rank
********.com	United States	,**
**********.*.in	India	,*
*.*********.fr	France	,*
****.org	Australia	,*
***********.*.ua	Ukraine	,*
***.***.*******.com	United States	,*
*.**********.com	United States	,*
*.*********.com	United States	,*
*.*********.at	Austria	,*
*.******..il	Israel	,*