Lucene search
K
CodepressVisitor Statistics

7 matches found

CVE
CVE
added 2023/05/15 12:15 p.m.177 views

CVE-2023-0600

CVE-2023-0600 affects the WordPress plugin WP Visitor Statistics (Real Time Traffic) prior to version 6.9. The issue is that the plugin does not escape user input that is concatenated into an SQL query, enabling unauthenticated SQL Injection attacks. Reported impact describes that unauthenticated...

9.8CVSS10AI score0.04234EPSS
CVE
CVE
added 2022/07/25 2:1 p.m.131 views

CVE-2022-33965

The CVE-2022-33965 entry corresponds to unauthenticated SQL injection vulnerabilities in the WordPress WP Visitor Statistics plugin (versions up to 5.7). The connected Nuclei template confirms multiple unauthenticated SQLi vectors in WordPress Visitor Statistics (

9.8CVSS10AI score0.03413EPSS
CVE
CVE
added 2024/03/17 4:8 p.m.112 views

CVE-2024-24867

CVE-2024-24867 affects the WordPress plugin WP Visitor Statistics (Real Time Traffic). Affected software: WP Visitor Statistics (Real Time Traffic) versions up to 6.9.4. The underlying issue is exposure of sensitive information to unauthorized actors via log files. CVSS data indicate a NETWORK at...

7.5CVSS8.5AI score0.00453EPSS
CVE
CVE
added 2022/03/07 8:16 a.m.99 views

CVE-2022-0410

CVE-2022-0410 affects the WP Visitor Statistics (Real Time Traffic) WordPress plugin prior to 5.6. The refUrlDetails AJAX action uses an unsanitized id parameter in a SQL statement, and this action is accessible to any authenticated user, leading to a SQL injection. Impact stated across connected...

8.8CVSS8.9AI score0.01297EPSS
CVE
CVE
added 2022/02/28 9:6 a.m.85 views

CVE-2021-25042

The CVE concerns the WordPress plugin WP Visitor Statistics (Real Time Traffic) before version 5.5. The vulnerability stems from missing authorization and CSRF checks in the updateIpAddress AJAX action, allowing any authenticated user or a CSRF attacker to exclude an arbitrary IP address. Due to ...

5.4CVSS5.3AI score0.00516EPSS
CVE
CVE
added 2021/12/21 8:45 a.m.82 views

CVE-2021-24750

CVE-2021-24750 pertains to the WordPress WP Visitor Statistics (Real Time Traffic) plugin. Affected version: before 4.8. The vulnerability arises from improper sanitization/escaping of the refUrl in the refDetails AJAX action, which is accessible to any authenticated user. This can allow an attac...

8.8CVSS8.8AI score0.38298EPSS
CVE
CVE
added 2023/02/13 2:32 p.m.74 views

CVE-2022-4656

The CVE-2022-4656 vulnerability affects the WordPress plugin WP Visitor Statistics (Real Time Traffic) prior to version 6.5. It arises because a shortcode attribute is not properly validated/escaped, enabling Stored XSS when a user with as low as Contributor privileges views the shortcode output....

5.4CVSS5.4AI score0.00477EPSS