What the vulnerability does
01Description
SQL Injection vulnerability in VeronaLabs WP Statistics plugin <= 13.2.10 versions.
CVE-2022-38074
CRITICAL
CVE-2022-38074: WordPress WP Statistics Plugin <= 13.2.10 is vulnerable to SQL Injection
CVSS base score
9.9/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
Key dates
02Disclosure timeline
March 13, 2023
CVE published
April 28, 2026
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2025-1702 Ultimate Member <= 2.10.0 - Unauthenticated SQL Injection via search Parameter
CVE-2026-2198 code-projects Online Reviewer System loaddata.php sql injection
CVE-2026-3489 DirectoryPress – Business Directory And Classified Ad Listing <= 3.6.26 - Unauthenticated SQL Injection via 'packages'
CVE-2026-0568 code-projects Online Music Site ViewSongs.php sql injection
CVE-2019-25522 XooGallery Lastest Latest Multiple SQL Injections via photo.php
