Veronalabs Wp Statistics – Simple, Privacy-friendly Google Analytics Alternative
6 CVEs affecting Veronalabs Wp Statistics – Simple, Privacy-friendly Google Analytics Alternative. Latest disclosed: 2026-04-17. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-5231 | High | 7.2 | 2026-04-17 | The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'utm_source' parameter in all versions up to, and including, 14.16… |
CVE-2025-9816 | High | 7.2 | 2025-09-27 | The WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the User-Agent Hea… |
CVE-2024-2194 | High | 7.2 | 2024-03-13 | The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL search parameter in all versions up to, and including, 14.5 due… |
CVE-2026-3488 | Medium | 6.5 | 2026-04-17 | The WP Statistics plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 14.16.4. This is due to missing capability… |
CVE-2021-4333 | Medium | 6.5 | 2023-03-07 | The WP Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 13.1.1. This is due to missing or incorrec… |
CVE-2025-3953 | Medium | 5.4 | 2025-04-30 | The WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing… |