CVE-2022-0410 – WP Visitor Statistics (Real Time Traffic) < 5.6 - Subscriber+ SQL Injection
https://notcve.org/view.php?id=CVE-2022-0410
14 Feb 2022 — The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 5.6 does not sanitise and escape the id parameter before using it in a SQL statement via the refUrlDetails AJAX action, available to any authenticated user, leading to a SQL injection. • https://wpscan.com/vulnerability/0d6b89f5-cf12-4ad4-831b-fed26763ba20 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2021-24750 – WP Visitor Statistics (Real Time Traffic) < 4.8 - Subscriber+ SQL Injection
https://notcve.org/view.php?id=CVE-2021-24750
21 Dec 2021 — The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as subscriber to perform SQL injection attacks. • https://www.exploit-db.com/exploits/50619 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2017-10991 – WP Statistics <= 12.0.9 - Authenticated Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-10991
07 Jul 2017 — The WP Statistics plugin through 12.0.9 for WordPress has XSS in the rangestart and rangeend parameters on the wps_referrers_page page. • https://lorexxar.cn/2017/07/07/WordPress%20WP%20Statistics%20authenticated%20xss%20Vulnerability%28WP%20Statistics%20-=12.0.9%29 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-2147
https://notcve.org/view.php?id=CVE-2017-2147
28 Apr 2017 — Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://jvn.jp/en/jp/JVN77253951/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-2135
https://notcve.org/view.php?id=CVE-2017-2135
28 Apr 2017 — Cross-site scripting vulnerability in WP Statistics version 12.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://jvn.jp/en/jp/JVN17633442/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-2136 – WP Statistics <= 12.0.4 - Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-2136
13 Apr 2017 — Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers. • http://jvn.jp/en/jp/JVN62392065/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •