
CVSS: 10.0 • EPSS: 11% • CPEs: 1 • EXPL: 1

24 Apr 2023 — The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 6.9 does not escape user input that is concatenated into an SQL query, allowing unauthenticated visitors to conduct SQL Injection attacks. The WP Visitor Statistics (Real Time Traffic) plugin for WordPress is vulnerable to time-based blind SQL Injection via an unknown parameter in versions up to, and including, 6.8.1 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. Th... • https://wpscan.com/vulnerability/8f46df4d-cb80-4d66-846f-85faf2ea0ec4 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

17 Jan 2023 — The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 6.5 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. The WP Visitor Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 6.4 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible fo... • https://wpscan.com/vulnerability/05976ed8-5a26-4eae-adb2-0ea3b2722391 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 10.0 • EPSS: 1% • CPEs: 1 • EXPL: 0

06 Jul 2022 — Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities in Osamaesh WP Visitor Statistics plugin <= 5.7 at WordPress. The WP Visitor Statistics (Real Time Traffic) plugin for WordPress is vulnerable to SQL Injection via the 'refUrl' parameter in versions up to, and including, 5.7 due to insufficient escaping on the user-supplied parameter a... • https://patchstack.com/database/vulnerability/wp-stats-manager/wordpress-wp-visitor-statistics-plugin-5-7-multiple-unauthenticated-sql-injection-sqli-vulnerabilities • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

14 Feb 2022 — The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 5.6 does not sanitise and escape the id parameter before using it in a SQL statement via the refUrlDetails AJAX action, available to any authenticated user, leading to a SQL injection. • https://wpscan.com/vulnerability/0d6b89f5-cf12-4ad4-831b-fed26763ba20 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')