Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Vulnerability List
Clear Filters
Found 33 results
CVE IDTitleVendorProductSeverityCVSS ScorePublished AtAI Analysis
CVE-2026-5488 ExactMetrics <= 9.1.2 - Authenticated (Subscriber+) Missing Authorization to Google Ads Access Token Retrieval via AJAX Action 'exactmetrics_ads_get_token' smubExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) Medium 5.3 2026-04-24 03:27:06 Deep Dive
CVE-2026-5464 ExactMetrics <= 9.1.2 - Authenticated (Editor+) Arbitrary Plugin Installation/Activation via exactmetrics_connect_process smubExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) High 7.2 2026-04-23 08:28:26 Deep Dive
CVE-2026-1992 ExactMetrics 8.6.0 - 9.0.2 - Authenticated (Custom) Insecure Direct Object Reference to Arbitrary Plugin Installation smubExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) High 8.8 2026-03-11 09:25:43 Deep Dive
CVE-2026-1993 ExactMetrics 7.1.0 - 9.0.2 - Authenticated (Custom) Improper Privilege Management to Role Privilege Escalation via Settings Update smubExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) High 8.8 2026-03-11 09:25:42 Deep Dive
CVE-2025-13048 Official StatCounter Plugin <= 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Nickname statcounterStatCounter – Free Real Time Visitor Stats Medium 6.4 2026-02-19 03:25:19 Deep Dive
CVE-2025-68874 WordPress Visitor Stats Widget plugin <= 1.5.0 - Reflected Cross Site Scripting (XSS) vulnerability ShahjadaVisitor Stats Widget 中危 -2026-01-08 09:17:52 Deep Dive
CVE-2025-13513 Clik stats <= 0.8 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] codejunkieClik stats Medium 6.1 2025-12-04 05:24:14 Deep Dive
CVE-2025-7652 Easy Plugin Stats <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting ndiegoEasy Plugin Stats Medium 6.4 2025-10-11 09:28:37 Deep Dive
CVE-2025-58459 Jenkins plugin global-build-stats 安全漏洞 Jenkins ProjectJenkins global-build-stats Plugin--2025-09-03 15:02:27 Deep Dive
CVE-2025-4964 WP Online Users Stats <= 1.0.0 - Authenticated (Editor+) SQL Injection via table_name Parameter hk1993WP Online Users Stats Medium 4.9 2025-06-06 06:42:52 Deep Dive
CVE-2025-4966 WP Online Users Stats <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via hk_dataset_results Function hk1993WP Online Users Stats Medium 6.1 2025-06-06 06:42:52 Deep Dive
CVE-2025-47499 WordPress Simple Blog Stats plugin <= 20250416 - Cross Site Scripting (XSS) Vulnerability Jeff StarrSimple Blog Stats Medium 6.5 2025-05-07 14:19:56 Deep Dive
CVE-2025-32603 WordPress WP Online Users Stats plugin <= 1.0.0 - SQL Injection vulnerability HKWP Online Users Stats Critical 9.3 2025-04-11 08:43:00 Deep Dive
CVE-2025-32678 WordPress WP Show Stats plugin <= 1.5 - Cross Site Request Forgery (CSRF) vulnerability Ashish AjaniWP Show Stats Medium 4.3 2025-04-09 16:09:15 Deep Dive
CVE-2025-30559 WordPress Kento WordPress Stats plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability PluginsPointKento WordPress Stats High 7.1 2025-04-01 05:31:34 Deep Dive
CVE-2025-28856 WordPress W3Counter Free Real-Time Web Stats plugin <= 4.1 - Cross Site Request Forgery (CSRF) vulnerability dangrossmanW3Counter Free Real-Time Web Stats Medium 4.3 2025-03-11 21:00:30 Deep Dive
CVE-2025-21606 Local Privilege Escalation via Exposed XPC Method Due to Client Verification Failure in stats exelbanstats 中危 -2025-01-17 20:10:05 Deep Dive
CVE-2025-0396 exelban stats XPC Service shouldAcceptNewConnection command injection exelbanstats High 7.8 2025-01-12 12:00:16 Deep Dive
CVE-2024-8738 Seriously Simple Stats <= 1.6.0 - Reflected Cross-Site Scripting podcastmotorSeriously Simple Stats Medium 6.1 2024-09-24 01:56:48 Deep Dive
CVE-2024-31250 WordPress WP Server Health Stats plugin <= 1.7.3 - Cross Site Request Forgery (CSRF) vulnerability Saumya MajumderWP Server Health Stats Medium 4.3 2024-04-12 12:56:39 Deep Dive