2 results (0.004 seconds)

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

14 Feb 2022 — The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 5.6 does not sanitise and escape the id parameter before using it in a SQL statement via the refUrlDetails AJAX action, available to any authenticated user, leading to a SQL injection. • https://wpscan.com/vulnerability/0d6b89f5-cf12-4ad4-831b-fed26763ba20 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 8.8 | EPSS: 67% | CPEs: 1 | EXPL: 4

21 Dec 2021 — The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as subscriber to perform SQL injection attacks. • https://www.exploit-db.com/exploits/50619 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')