15 matches found
WordPress Visitor Traffic Real Time Statistics plugin <= 8.4 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin Visitors Traffic Real Time Statistics versions = 8.4...
EUVD-2026-18995
The Visitor Traffic Real Time Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pagetitle' parameter in all versions up to, and including, 8.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
CVE-2026-2936
The Visitor Traffic Real Time Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pagetitle' parameter in all versions up to, and including, 8.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
CVE-2026-2936 Visitor Traffic Real Time Statistics <= 8.4 - Unauthenticated Stored Cross-Site Scripting
The Visitor Traffic Real Time Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pagetitle' parameter in all versions up to, and including, 8.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
CVE-2026-2936 Visitor Traffic Real Time Statistics <= 8.4 - Unauthenticated Stored Cross-Site Scripting
The Visitor Traffic Real Time Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pagetitle' parameter in all versions up to, and including, 8.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
CVE-2021-24193
Low privileged users can use the AJAX action 'cppluginsdobuttonjoblatercallback' in the Visitor Traffic Real Time Statistics WordPress plugin before 2.12, to install any plugin including a specific version from the WordPress repository, as well as activate arbitrary plugin from then blog, which...
CVE-2021-24829
The Visitor Traffic Real Time Statistics WordPress plugin before 3.9 does not validate and escape user input passed to the todaytrafficindex AJAX action available to any authenticated users before using it in a SQL statement, leading to an SQL injection issue...
CVE-2021-24829 Visitor Traffic Real Time Statistics < 3.9 - Subscriber+ SQL Injection
The Visitor Traffic Real Time Statistics WordPress plugin before 3.9 does not validate and escape user input passed to the todaytrafficindex AJAX action available to any authenticated users before using it in a SQL statement, leading to an SQL injection issue...
WordPress SQL注入漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress Plugin is a WordPress open source application plugin. SQL injection vulnerability exists in Wordpress Plugin...
WordPress Visitor Traffic Real Time Statistics plugin <= 3.8 - SQL Injection (SQLi) vulnerability
SQL Injection SQLi vulnerability discovered by JrXnm in WordPress Visitor Traffic Real Time Statistics plugin versions = 3.8. Solution Update the WordPress Visitor Traffic Real Time Statistics plugin to the latest available version at least 3.9...
Visitor Traffic Real Time Statistics < 3.9 - Subscriber+ SQL Injection
The plugin does not validate and escape user input passed to the todaytrafficindex AJAX action available to any authenticated users before using it in a SQL statement, leading to an SQL injection issue POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: application/json, text/javascript, /; q=0.01...
WordPress plugin Visitor Traffic Real Time Statistics 安全漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress Plugin is a WordPress open source application plugin . A vulnerability exists in the WordPress plugin before...
WordPress Visitor Traffic Real Time Statistics plugin <= 2.11 - Arbitrary Plugin Installation and Activation vulnerability
Arbitrary Plugin Installation and Activation vulnerability discovered by Bugbang in WordPress Visitor Traffic Real Time Statistics plugin versions = 2.11. Solution Update the WordPress Visitor Traffic Real Time Statistics plugin to the latest available version at least 2.12...
WordPress Visitor Traffic Real Time Statistics Plugin < 1.12 CSRF Vulnerability
The WordPress plugin Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the...
WordPress Visitor Traffic Real Time Statistics Plugin < 1.13 CSRF Vulnerability
The WordPress plugin Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the...