
CVE-2021-24350 – Visitors <= 0.3 - Unauthenticated Stored Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-24350
26 May 2021 — The Visitors WordPress plugin through 0.3 is affected by an Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. The plugin would display the user's user agent string without validation or encoding within the WordPress admin panel. • https://wpscan.com/vulnerability/06f1889d-8e2f-481a-b91b-3a8008e00ffc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2017-2171
https://notcve.org/view.php?id=CVE-2017-2171
22 May 2017 — Cross-site scripting vulnerability in Captcha prior to version 4.3.0, Car Rental prior to version 1.0.5, Contact Form Multi prior to version 1.2.1, Contact Form prior to version 4.0.6, Contact Form to DB prior to version 1.5.7, Custom Admin Page prior to version 0.1.2, Custom Fields Search prior to version 1.3.2, Custom Search prior to version 1.36, Donate prior to version 2.1.1, Email Queue prior to version 1.1.2, Error Log Viewer prior to version 1.0.6, Facebook Button prior to version 2.54, Featured Post... • http://jvndb.jvn.jp/jvndb/JVNDB-2017-000094 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-91: XML Injection (aka Blind XPath Injection)

CVE-2017-18537 – Visitors Online by BestWebSoft < 1.0.0 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-18537
12 Apr 2017 — The visitors-online plugin before 1.0.0 for WordPress has multiple XSS issues. The Visitors plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 0.9 due to insufficient input sanitization and output escaping on the 'category' parameter. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's ... • https://wordpress.org/plugins/visitors-online/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-9325 – Visitors Online by BestWebSoft <= 0.3 - SQL Injection
https://notcve.org/view.php?id=CVE-2015-9325
26 Oct 2015 — The visitors-online plugin before 0.4 for WordPress has SQL injection. The Visitors Online by BestWebSoft plugin for WordPress is vulnerable to generic SQL Injection in versions up to, and including, 0.3 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries int... • https://wordpress.org/plugins/visitors-online/#developers • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')