22 matches found
EUVD-2023-49395
Malicious code in bioql PyPI...
EUVD-2023-32423
Malicious code in bioql PyPI...
EUVD-2024-29920
Malicious code in bioql PyPI...
CVE-2023-50371
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Page Visit Counter Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress allows Stored XSS.This issue affects Advanced Page Visit Counter – Most Wanted Analytics Plugin for...
CVE-2023-28788
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Page Visit Counter Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress.This issue affects Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress: from n/a...
CVE-2021-24957
The Advanced Page Visit Counter WordPress plugin before 6.1.6 does not escape the artID parameter before using it in a SQL statement in the apvcresetcountart AJAX action, available to any authenticated user, leading to a SQL injection...
CVE-2023-5529 Advanced Page Visit Counter <= 8.0.6 - Admin+ Stored XSS
The Advanced Page Visit Counter WordPress plugin before 8.0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-32098
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Page Visit Counter Advanced Page Visit Counter.This issue affects Advanced Page Visit Counter: from n/a through 8.0.6...
WordPress Advanced Page Visit Counter Plugin <= 8.0.6 is vulnerable to SQL Injection
Software Advanced Page Visit Counter Type Plugin Vulnerable versions = 8.0.6 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-32098 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 091c37cd4699 Credits Le Ngoc Anh Required privilege...
PT-2024-14816 · WordPress +1 · Advanced Page Visit Counter
Name of the Vulnerable Software and Affected Versions: The Advanced Page Visit Counter WordPress plugin versions prior to 8.0.6 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible even when the unfiltered html...
Advanced Page Visit Counter <= 8.0.6 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Visit the "Settings" interface...
Advanced Page Visit Counter <= 8.0.6 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Visit the "Settings" interface...
WordPress Advanced Page Visit Counter Plugin <= 8.0.6 is vulnerable to Cross Site Scripting (XSS)
Software Advanced Page Visit Counter Type Plugin Vulnerable versions = 8.0.6 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-50371 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 2d2c9790972e Credits Khalid Yusuf Required...
CVE-2023-45074 WordPress Advanced Page Visit Counter Plugin <= 7.1.1 is vulnerable to SQL Injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Page Visit Counter Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress allows SQL Injection.This issue affects Advanced Page Visit Counter – Most Wanted Analytics Plugin for...
CVE-2023-45074 WordPress Advanced Page Visit Counter Plugin <= 7.1.1 is vulnerable to SQL Injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Page Visit Counter Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress allows SQL Injection.This issue affects Advanced Page Visit Counter – Most Wanted Analytics Plugin for...
WordPress Advanced Page Visit Counter Plugin <= 7.1.1 is vulnerable to SQL Injection
Software Advanced Page Visit Counter Type Plugin Vulnerable versions = 7.1.1 Fixed in 8.0.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-45074 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 1c92e0ed64b0 Credits TomS Required privilege Contributor...
WordPress Advanced Page Visit Counter Plugin <= 7.1.0 is vulnerable to Cross Site Scripting (XSS)
Software Advanced Page Visit Counter Type Plugin Vulnerable versions = 7.1.0 Fixed in 7.1.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID db4d933e466c Credits Rafie Muhammad...
WordPress plugin Advanced Page Visit Counter 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in versions of the WordPress Advanced Page Visit Counter plug...
CVE-2021-24957
The Advanced Page Visit Counter WordPress plugin before 6.1.6 does not escape the artID parameter before using it in a SQL statement in the apvcresetcountart AJAX action, available to any authenticated user, leading to a SQL injection...
Sql injection
The Advanced Page Visit Counter WordPress plugin before 6.1.6 does not escape the artID parameter before using it in a SQL statement in the apvcresetcountart AJAX action, available to any authenticated user, leading to a SQL injection...