PT-2022-13229 · WordPress · Wp Statistics

Cyku Hong · Published 2022-02-16 · Updated 2022-02-24 · CVE-2022-0513

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: WP Statistics versions up to and including 13.1.4

Description: The issue arises from insufficient escaping and parameterization of the exclusion reason parameter in the ~/includes/class-wp-statistics-exclusion.php file, allowing unauthenticated attackers to inject arbitrary SQL queries and obtain sensitive information. Exploitation requires the "Record Exclusions" option to be enabled on the vulnerable site.

Recommendations: For versions up to and including 13.1.4, update to a version that addresses this issue, as the current version allows SQL injection attacks through the vulnerable exclusion reason parameter. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
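The class of defect the description refers to, as an added PHP illustration that is not the plugin's own code: a hypothetical exclusion-reason write with the reason string interpolated straight into SQL, beside the same write done with $wpdb->prepare() and $wpdb->insert(). The function names and the table name are assumptions.

```php
<?php
// Added illustration, not code from the WP Statistics plugin. It shows the
// pattern the advisory describes (an exclusion-reason string reaching SQL
// without escaping or parameterization) next to the WordPress-idiomatic fix.
// The table name and function names are assumptions.

// Vulnerable pattern: $reason is interpolated directly into the statement,
// so whatever the request supplies becomes part of the SQL text.
function record_exclusion_unsafe( $reason ) {
    global $wpdb;
    $table = $wpdb->prefix . 'statistics_exclusions'; // assumed table name
    $wpdb->query(
        "INSERT INTO $table (date, reason, count) VALUES (CURDATE(), '$reason', 1)"
    );
}

// Hardened pattern: the value is bound with $wpdb->prepare() (%s / %d
// placeholders) or passed to $wpdb->insert(), which escapes it for you.
// $table stays interpolated because it is built from the trusted prefix,
// not from request data.
function record_exclusion_safe( $reason ) {
    global $wpdb;
    $table  = $wpdb->prefix . 'statistics_exclusions'; // assumed table name
    $reason = sanitize_text_field( $reason );

    // Look up today's row for this reason with the reason bound as %s.
    $existing = $wpdb->get_var(
        $wpdb->prepare(
            "SELECT ID FROM $table WHERE date = CURDATE() AND reason = %s",
            $reason
        )
    );

    if ( $existing ) {
        $wpdb->query(
            $wpdb->prepare( "UPDATE $table SET count = count + 1 WHERE ID = %d", $existing )
        );
    } else {
        $wpdb->insert(
            $table,
            array( 'date' => current_time( 'Y-m-d' ), 'reason' => $reason, 'count' => 1 ),
            array( '%s', '%s', '%d' )
        );
    }
}
```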

Exploit

SQL injection


Weakness Enumeration

Related Identifiers

CVE-2022-0513

Affected Products

Wp Statistics