3 matches found
WP Visitor Statistics (Real Time Traffic) < 5.5 - Arbitrary IP Address Exclusion to Stored XSS
The plugin does not have authorisation and CSRF checks in the updateIpAddress AJAX action, allowing any authenticated user to call it, or to make a logged-in user do it via a CSRF attack, and add an arbitrary IP address to exclude. Furthermore, due to the lack of validation, sanitisation and escaping...
WordPress WP Visitor Statistics (Real Time Traffic) plugin <= 5.4 - Arbitrary IP Address Exclusion to Stored Cross-Site Scripting (XSS) vulnerability
Arbitrary IP Address Exclusion to Stored Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress WP Visitor Statistics (Real Time Traffic) plugin versions <= 5.4. Solution: Update the WordPress WP Visitor Statistics (Real Time Traffic) plugin to the latest available version at...
CVE-2020-36413
A stored cross-site scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Exclude these IP addresses from the 'Site Down' status" parameter under the "Maintenance Mode" module...