The Advanced Page Visit Counter WordPress plugin before 6.1.6 does not escape the artID parameter before using it in a SQL statement in the apvc_reset_count_art AJAX action, available to any authenticated user, leading to a SQL injection
8.8CVSS
8.8AI Score
0.001EPSS
The Advanced Page Visit Counter WordPress plugin before 6.1.2 does not sanitise and escape some input before outputting it in an admin dashboard page, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against admins viewing it
6.1CVSS
6AI Score
0.001EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Page Visit Counter Advanced Page Visit Counter β Most Wanted Analytics Plugin for WordPress.This issue affects Advanced Page Visit Counter β Most Wanted Analytics Plugin for WordPress: from n/a thr...
8.8CVSS
9AI Score
0.001EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Page Visit Counter Advanced Page Visit Counter β Most Wanted Analytics Plugin for WordPress allows SQL Injection.This issue affects Advanced Page Visit Counter β Most Wanted Analytics Plugin for Wo...
9.8CVSS
9.8AI Score
0.001EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Page Visit Counter Advanced Page Visit Counter β Most Wanted Analytics Plugin for WordPress allows Stored XSS.This issue affects Advanced Page Visit Counter β Most Wanted Analytics Plugin for WordP...
6.5CVSS
5.9AI Score
0.0004EPSS