WordPress.WP.Statistics.Plugin.current_page_id.SQL.Injection
Description
This indicates an attack attempt to exploit an SQL Injection Vulnerability in WordPress Project WP Statistics.
The vulnerability is due to insufficient sanitization of user-supplied data in current_page_id and current_page_type parameter. A remote unauthenticated attacker can exploit the vulnerability by sending crafted requests to the server. A successful attack may result in arbitrary SQL command execution against the database on the target server.
Affected Products
WordPress Project WP Statistics 13.1.5 and prior
Impact
System Compromise: Remote attackers can add, view, delete or modify data in the database of the affected application
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://www.wordfence.com/vulnerability-advisories/#CVE-2022-25148
Version Updates
Date | Version | Detail |
---|---|---|
2022-03-31 | 0.00316 |