CVE-2023-22709 – WordPress SRS Simple Hits Counter Plugin <= 1.1.0 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-22709
19 Jan 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Atif N SRS Simple Hits Counter plugin <= 1.1.0 versions. The SRS Simple Hits Counter plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on the srs_admin_settings_page() function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an actio... • https://patchstack.com/database/vulnerability/srs-simple-hits-counter/wordpress-srs-simple-hits-counter-plugin-1-1-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2020-5766 – SRS Simple Hits Counter Plugin for WordPress 1.03 - 1.04 - Unauthenticated SQL Injection
https://notcve.org/view.php?id=CVE-2020-5766
10 Jul 2020 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SRS Simple Hits Counter Plugin for WordPress 1.0.3 and 1.0.4 allows a remote, unauthenticated attacker to determine the value of database fields. • https://www.tenable.com/security/research/tra-2020-42 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •