CVE-2021-24750
N/A
N/A
Summary
The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as subscriber to perform SQL injection attacks
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | WP Visitor Statistics (Real Time Traffic) | 4.8 < 4.8 | affected |
Weaknesses
- CWE-89: CWE-89 SQL Injection
ADP Enrichment
CVE Program Container
Additional References
- https://wpscan.com/vulnerability/7528aded-b8c9-4833-89d6-9cd7df3620de
- https://plugins.trac.wordpress.org/changeset/2622268
- http://packetstormsecurity.com/files/165433/WordPress-WP-Visitor-Statistics-4.7-SQL-Injection.html
References
- https://wpscan.com/vulnerability/7528aded-b8c9-4833-89d6-9cd7df3620de
- https://plugins.trac.wordpress.org/changeset/2622268
- http://packetstormsecurity.com/files/165433/WordPress-WP-Visitor-Statistics-4.7-SQL-Injection.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.