Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbPaul DannewitzWPVDB-ID:A75EB0AC-A87A-4324-9D59-31EE1E211647
HistoryJul 03, 2019 - 12:00 a.m.

Visitors Traffic Real Time Statistics < 1.13 - CSRF to Stored XSS/SQLi

2019-07-0300:00:00
Paul Dannewitz
wpscan.com
5

EPSS

0.001

Percentile

44.3%

JSON

A CSRF vulnerability in the plugin gives attackers the possibility to craft an AJAX request, which lets blog administrators alter plugin settings. Due to a lack of encoding for malicious data when displaying it in the admin backend, there is a Stored XSS. Also, as the user input coming from the attacker is directly being passed to the WPDB query() method, there might be a possible SQL injection.

Related

prion 2
cvelist 2
nvd 2
cve 2
openvas 2
prion
prion
Cross site request forgery (csrf)
2019-08-30 14:15:00
Cross site request forgery (csrf)
2019-08-30 14:15:00
cvelist
cvelist
CVE-2019-15831
2019-08-30 13:27:05
CVE-2019-15832
2019-08-30 13:31:08
nvd
nvd
CVE-2019-15832
2019-08-30 14:15:10
CVE-2019-15831
2019-08-30 14:15:10
cve
cve
CVE-2019-15831
2019-08-30 14:15:10
CVE-2019-15832
2019-08-30 14:15:10
openvas
openvas
WordPress Visitor Traffic Real Time Statistics Plugin < 1.12 CSRF Vulnerability
2019-09-05 00:00:00
WordPress Visitor Traffic Real Time Statistics Plugin < 1.13 CSRF Vulnerability
2019-09-05 00:00:00

EPSS

0.001

Percentile

44.3%

JSON
Related for WPVDB-ID:A75EB0AC-A87A-4324-9D59-31EE1E211647
prion2cvelist2nvd2cve2openvas2