CVE-2022-25148

CVE-2022-25148

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_id parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 13.1.5.

Source: https://nvd.nist.gov/vuln/detail/CVE-2022-25148

Stay ahead of the cybersecurity curve!

Sign up now to receive our newsletter and stay informed about the latest trends and insights. Don’t miss out on cybersecurity updates! 

ByteArmor is a firm that focuses on maximizing the cybersecurity posture and improve the IT project management capabilities of your organization.