WordPress Visitor Statistics (Real Time Traffic) <4.8 -SQL Injection

WordPress Visitor Statistics Real Time Traffic plugin before 4.8 does not properly sanitize and escape the refUrl in the refDetails AJAX action, which is available to any authenticated user. This could allow users with a role as low as subscriber to perform SQL injection attacks. id: CVE-2021-247...

WP Visitor Statistics (Real Time Traffic) < 6.9 - SQL Injection

The plugin does not escape user input which is concatenated to an SQL query, allowing unauthenticated visitors to conduct SQL Injection attacks. id: CVE-2023-0600 info: name: WP Visitor Statistics Real Time Traffic 6.9 - SQL Injection author: r3Y3r53,j4vaovo severity: critical description: | The...

CVE-2026-4303

The WP Visitor Statistics Real Time Traffic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wsmshowDayStatsGraph' shortcode in all versions up to, and including, 8.4 due to insufficient input sanitization and output escaping on user supplied attributes. This...

CVE-2026-4303

The WP Visitor Statistics Real Time Traffic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wsmshowDayStatsGraph' shortcode in all versions up to, and including, 8.4 due to insufficient input sanitization and output escaping on user supplied attributes. This...

CVE-2026-4303

Vulnerability summary (CVE-2026-4303) : The WP Visitor Statistics (Real Time Traffic) plugin for WordPress (versions up to and including 8.4) is affected by a Stored Cross-Site Scripting (XSS) flaw in the shortcodes, specifically the plugin’s wsm_showDayStatsGraph attribute handling. The root cau...

WordPress WP Visitor Statistics (Real Time Traffic) plugin <= 8.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'height' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'height' Shortcode Attribute vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP Visitor Statistics Real Time Traffic versions = 8.4...

WordPress plugin WP Visitor Statistics (Real Time Traffic) 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-31289

Name of the Vulnerable Software and Affected Versions WP Visitor Statistics Real Time Traffic versions up to and including 8.4 Description The WP Visitor Statistics Real Time Traffic plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'wsm showDayStatsGraph' shortcode...

CVE-2025-67983

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in osama.esh WP Visitor Statistics Real Time Traffic wp-stats-manager allows DOM-Based XSS.This issue affects WP Visitor Statistics Real Time Traffic: from n/a through = 8.3...

EUVD-2025-203559

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in osama.esh WP Visitor Statistics Real Time Traffic wp-stats-manager allows DOM-Based XSS.This issue affects WP Visitor Statistics Real Time Traffic: from n/a through = 8.3...

CVE-2025-67983

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in osama.esh WP Visitor Statistics Real Time Traffic wp-stats-manager allows DOM-Based XSS.This issue affects WP Visitor Statistics Real Time Traffic: from n/a through = 8.3...

CVE-2025-67983

CVE-2025-67983 affects the WordPress plugin WP Visitor Statistics (Real Time Traffic) (wp-stats-manager). Public details confirm a DOM-based/Stored XSS via shortcode input (e.g., visitor_stats) that requires an authenticated user (Contributor+). The Wordfence report attributes the vulnerability t...

CVE-2025-67983 WordPress WP Visitor Statistics (Real Time Traffic) plugin <= 8.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in osama.esh WP Visitor Statistics Real Time Traffic wp-stats-manager allows DOM-Based XSS.This issue affects WP Visitor Statistics Real Time Traffic: from n/a through = 8.3...

CVE-2025-67983 WordPress WP Visitor Statistics (Real Time Traffic) plugin <= 8.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in osama.esh WP Visitor Statistics Real Time Traffic wp-stats-manager allows DOM-Based XSS.This issue affects WP Visitor Statistics Real Time Traffic: from n/a through = 8.3...

WordPress plugin WP Visitor Statistics 跨站脚本漏洞

...

PT-2025-51439

Name of the Vulnerable Software and Affected Versions osama.esh WP Visitor Statistics Real Time Traffic versions through 8.3 Description The software contains a flaw related to improper handling of user-supplied data when creating web pages, leading to a potential Cross-site Scripting XSS issue...

WordPress WP Visitor Statistics (Real Time Traffic) plugin <= 8.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP Visitor Statistics Real Time Traffic versions = 8.3...

EUVD-2025-2704

Malicious code in bioql PyPI...

EUVD-2024-22230

Malicious code in bioql PyPI...

EUVD-2025-19962

Malicious code in bioql PyPI...