CVE-2021-24957
Advanced Page Visit Counter < 6.1.6 - Subscriber+ Blind SQL injection
Public Exploits: 1
Exploited in Wild: -
Descriptions
The Advanced Page Visit Counter WordPress plugin before 6.1.6 does not escape the artID parameter before using it in a SQL statement in the apvc_reset_count_art AJAX action, available to any authenticated user, leading to a SQL injection.
The WordPress plugin Advanced Page Visit Counter before version 6.1.6 does not escape the artID parameter before using it in a SQL statement in the apvc_reset_count_art AJAX action, available to any authenticated user, which leads to a SQL injection.
The Advanced Page Visit Counter WordPress plugin through 6.1.5 does not escape the artID parameter before using it in a SQL statement in the apvc_reset_count_art AJAX action, available to any authenticated user, leading to a SQL injection.
Timeline
- 2021-01-14 CVE Reserved
- 2022-04-08 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
References (1)
URL | Date | SRC |
---|---|---|
https://wpscan.com/vulnerability/a282606f-6abf-4f75-99c9-dab0bea8cc96 | 2024-08-03 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Advanced Page Visit Counter Project | Advanced Page Visit Counter | < 6.1.6 | wordpress | Affected |