CVE-2019-13275

Name of the Vulnerable Software and Affected Versions VeronaLabs wp-statistics plugin versions prior to 12.6.7

Description An issue was discovered in the plugin, where the "v1/hit" endpoint of the API is vulnerable to unauthenticated blind SQL Injection when the non-default "use cache plugin" setting is enabled.

Recommendations For versions prior to 12.6.7, update to version 12.6.7 or later to resolve the issue. As a temporary workaround, consider disabling the "use cache plugin" setting until a patch is available. Restrict access to the "v1/hit" endpoint of the API to minimize the risk of exploitation.