EUVD-2026-18995

The Visitor Traffic Real Time Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pagetitle' parameter in all versions up to, and including, 8.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

EUVD-2019-6749

Malware in sbrugna...

CVE-2023-47557

Missing Authorization vulnerability in wp-buy Visitors Traffic Real Time Statistics visitors-traffic-real-time-statistics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Visitors Traffic Real Time Statistics: from n/a through = 7.2...

CVE-2021-24193

Low privileged users can use the AJAX action 'cppluginsdobuttonjoblatercallback' in the Visitor Traffic Real Time Statistics WordPress plugin before 2.12, to install any plugin including a specific version from the WordPress repository, as well as activate arbitrary plugin from then blog, which...

WordPress Visitors Traffic Real Time Statistics Plugin <= 7.2 is vulnerable to Broken Access Control

Software Visitors Traffic Real Time Statistics Type Plugin Vulnerable versions = 7.2 Fixed in 7.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-47557 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID a6e4049fb1e4 Credits...

CVE-2021-24829 Visitor Traffic Real Time Statistics < 3.9 - Subscriber+ SQL Injection

The Visitor Traffic Real Time Statistics WordPress plugin before 3.9 does not validate and escape user input passed to the todaytrafficindex AJAX action available to any authenticated users before using it in a SQL statement, leading to an SQL injection issue...

WordPress SQL注入漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress Plugin is a WordPress open source application plugin. SQL injection vulnerability exists in Wordpress Plugin...

WordPress Visitor Traffic Real Time Statistics plugin <= 3.8 - SQL Injection (SQLi) vulnerability

SQL Injection SQLi vulnerability discovered by JrXnm in WordPress Visitor Traffic Real Time Statistics plugin versions = 3.8. Solution Update the WordPress Visitor Traffic Real Time Statistics plugin to the latest available version at least 3.9...

WordPress Visitor Traffic Real Time Statistics plugin <= 2.11 - Arbitrary Plugin Installation and Activation vulnerability

Arbitrary Plugin Installation and Activation vulnerability discovered by Bugbang in WordPress Visitor Traffic Real Time Statistics plugin versions = 2.11. Solution Update the WordPress Visitor Traffic Real Time Statistics plugin to the latest available version at least 2.12...

WordPress Visitor Traffic Real Time Statistics Plugin < 1.12 CSRF Vulnerability

The WordPress plugin Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the...

WordPress Visitor Traffic Real Time Statistics Plugin < 1.13 CSRF Vulnerability

The WordPress plugin Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the...

WordPress visitors-traffic-real-time-statistics plugin cross-site request forgery vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. visitors-traffic-real-time-statistics is a real-time website traffic statistics plugin used in it. A cross-site request forgery...

CVE-2019-15831

The visitors-traffic-real-time-statistics plugin before 1.12 for WordPress has CSRF in the settings page...

CVE-2019-15831

The visitors-traffic-real-time-statistics plugin before 1.12 for WordPress has CSRF in the settings page...

Cross site request forgery (csrf)

The visitors-traffic-real-time-statistics plugin before 1.12 for WordPress has CSRF in the settings page...

WordPress newstatpress plugin cross-site scripting vulnerability (CNVD-2019-30373)

WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. newstatpress is a plugin used in it for real-time statistics on blog visits. A cross-site scripting vulnerability exists in the...

WordPress Visitors Traffic Real Time Statistics plugin <= 1.12 - Cross-Site Request Forgery (CSRF) leading to Stored XSS/SQLi vulnerabilities

Cross-Site Request Forgery CSRF vulnerability leading to Stored XSS/SQLi vulnerabilities found by Paul Dannewitz in WordPress Visitors Traffic Real Time Statistics plugin versions = 1.12. Solution Update the WordPress Visitors Traffic Real Time Statistics plugin to the latest available version at...

AdMan Standalone Ad Server Cross Site Scripting / SQL Injection

=========================================================== AdMan Standalone Ad Server SQLi AND XSS Vulnerability =========================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ ...

Impact Software AdPeeps 8.5d1 - Cross-Site Scripting HTML Injection

Impact Software AdPeeps 8.5d1 - Cross-Site Scripting HTML Injection AdPeeps Ad Rotator - XSS and HTML Injection Vulnerabilities Version Affected: 8.5d1 3-18-09 newest Info: Ad Peeps is a banner rotator and text ad rotator - all in one that allows you to track, sell and manage banner ads,...