7 matches found
CVE-2023-0600
CVE-2023-0600 affects the WordPress plugin WP Visitor Statistics (Real Time Traffic) prior to version 6.9. The issue is that the plugin does not escape user input that is concatenated into an SQL query, enabling unauthenticated SQL Injection attacks. Reported impact describes that unauthenticated...
CVE-2022-33965
The CVE-2022-33965 entry corresponds to unauthenticated SQL injection vulnerabilities in the WordPress WP Visitor Statistics plugin (versions up to 5.7). The connected Nuclei template confirms multiple unauthenticated SQLi vectors in WordPress Visitor Statistics (
CVE-2024-24867
CVE-2024-24867 affects the WordPress plugin WP Visitor Statistics (Real Time Traffic). Affected software: WP Visitor Statistics (Real Time Traffic) versions up to 6.9.4. The underlying issue is exposure of sensitive information to unauthorized actors via log files. CVSS data indicate a NETWORK at...
CVE-2022-0410
CVE-2022-0410 affects the WP Visitor Statistics (Real Time Traffic) WordPress plugin prior to 5.6. The refUrlDetails AJAX action uses an unsanitized id parameter in a SQL statement, and this action is accessible to any authenticated user, leading to a SQL injection. Impact stated across connected...
CVE-2021-25042
The CVE concerns the WordPress plugin WP Visitor Statistics (Real Time Traffic) before version 5.5. The vulnerability stems from missing authorization and CSRF checks in the updateIpAddress AJAX action, allowing any authenticated user or a CSRF attacker to exclude an arbitrary IP address. Due to ...
CVE-2021-24750
CVE-2021-24750 pertains to the WordPress WP Visitor Statistics (Real Time Traffic) plugin. Affected version: before 4.8. The vulnerability arises from improper sanitization/escaping of the refUrl in the refDetails AJAX action, which is accessible to any authenticated user. This can allow an attac...
CVE-2022-4656
The CVE-2022-4656 vulnerability affects the WordPress plugin WP Visitor Statistics (Real Time Traffic) prior to version 6.5. It arises because a shortcode attribute is not properly validated/escaped, enabling Stored XSS when a user with as low as Contributor privileges views the shortcode output....