CVE-2023-0955
WP Statistics < 14.0 - Authenticated SQLiThe WP Statistics WordPress plugin before 14.0 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manage_options capability (admin+), however the plugin has a settings to allow low privilege users to access it as well.
We have discovered 41,249 live websites that are affected by CVE-2023-0955.
Affected Software
| Product | |
| Category | Wordpress Plugins |
| Vulnerable Domains | 41,249 live websites (23.09% of WP Statistics install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 68 versions ( 54.84% of all versions) |
Common Weakness Enumeration
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')Details
- Published - Mar 27, 2023
- Updated - Feb 19, 2025
Credits
- Erwan LR (WPScan) (finder)
- WPScan (coordinator)
CWE
CVE References
CWE References
CVE-2023-0955 usage by Country
 United States | 8,025 websites |
 Germany | 7,609 websites |
 France | 3,618 websites |
 Iran | 2,275 websites |
 Japan | 2,269 websites |
 Poland | 1,533 websites |
 Netherlands | 1,180 websites |
 Russia | 1,061 websites |
 Vietnam | 975 websites |
 GB | 854 websites |
CVE-2023-0955 usage by TLD
| .com | 14,495 websites |
| .de | 4,330 websites |
| .org | 1,693 websites |
| .fr | 1,660 websites |
| .net | 1,239 websites |
| .pl | 1,201 websites |
| .nl | 1,039 websites |
| .ru | 818 websites |
| .ch | 619 websites |
| .it | 601 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2023-0955
Top websites that are affected by CVE-2023-0955. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ********.com | United States | *,*** | |
| ***********.fr | France | **,*** | |
| ******.pl | Poland | **,*** | |
| *********.com | United States | **,*** | |
| **********************.com | United States | **,*** | |
| ***************.com | Poland | **,*** | |
| *****.ru | Russia | **,*** | |
| ***.**.th |  Thailand | **,*** | |
| ****************.eu |  Switzerland | ***,*** | |
| *******.tk | United States | ***,*** |
FAQ
CVE-2023-0955 is Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in WP Statistics
A total of 41,249 websites have been identified as vulnerable to CVE-2023-0955, discovered through global website indexing conducted by WebTechSurvey.
WP Statistics is susceptible to CVE-2023-0955 vulnerability.
WP Statistics versions before 14 are vulnerable to CVE-2023-0955.
Version 14 of WP Statistics addresses the CVE-2023-0955 security vulnerability.