CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32098 – WordPress Advanced Page Visit Counter plugin <= 8.0.6 - Auth. SQL Injection (SQLi) vulnerability
https://notcve.org/view.php?id=CVE-2024-32098
11 Apr 2024 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Page Visit Counter Advanced Page Visit Counter.This issue affects Advanced Page Visit Counter: from n/a through 8.0.6. Neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL ("Inyección SQL") en Page Visit Counter Advanced Page Visit Counter. Este problema afecta al Contador de visitas a la página avanzado: desde n/a hasta 8.0.6. The Advanced Page Visit Counter plu... • https://patchstack.com/database/vulnerability/advanced-page-visit-counter/wordpress-advanced-page-visit-counter-plugin-8-0-6-auth-sql-injection-sqli-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24957 – Advanced Page Visit Counter < 6.1.6 - Subscriber+ Blind SQL injection
https://notcve.org/view.php?id=CVE-2021-24957
08 Apr 2022 — The Advanced Page Visit Counter WordPress plugin before 6.1.6 does not escape the artID parameter before using it in a SQL statement in the apvc_reset_count_art AJAX action, available to any authenticated user, leading to a SQL injection El plugin de WordPress Advanced Page Visit Counter antes de la versión 6.1.6 no escapa el parámetro artID antes de utilizarlo en una sentencia SQL en la acción apvc_reset_count_art AJAX, disponible para cualquier usuario autenticado, lo que lleva a una inyección SQL The Adv... • https://wpscan.com/vulnerability/a282606f-6abf-4f75-99c9-dab0bea8cc96 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2021-25086 – Advanced Page Visit Counter < 6.1.2 - Unauthenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-25086
05 Apr 2022 — The Advanced Page Visit Counter WordPress plugin before 6.1.2 does not sanitise and escape some input before outputting it in an admin dashboard page, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against admins viewing it El plugin Advanced Page Visit Counter de WordPress anterior a la versión 6.1.2 no sanea y escapa de algunas entradas antes de mostrarlas en una página del panel de control del administrador, lo que permite a los atacantes no autentificados realizar ataques de ... • https://wpscan.com/vulnerability/2cf9e517-d882-4af2-bd12-e700b75e7a11 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •