Lucene search

K
cvelistWPScanCVELIST:CVE-2021-24829
HistoryNov 08, 2021 - 5:35 p.m.

CVE-2021-24829 Visitor Traffic Real Time Statistics < 3.9 - Subscriber+ SQL Injection

2021-11-0817:35:29
CWE-89
WPScan
www.cve.org

0.001 Low

EPSS

Percentile

37.7%

The Visitor Traffic Real Time Statistics WordPress plugin before 3.9 does not validate and escape user input passed to the today_traffic_index AJAX action (available to any authenticated users) before using it in a SQL statement, leading to an SQL injection issue

CNA Affected

[
  {
    "product": "Visitor Traffic Real Time Statistics",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "3.9",
        "status": "affected",
        "version": "3.9",
        "versionType": "custom"
      }
    ]
  }
]

0.001 Low

EPSS

Percentile

37.7%

Related for CVELIST:CVE-2021-24829