Visitor Traffic Real Time Statistics

visitor_traffic_real_time_statistics

Vendor: Wp Buy • 4 CVEs

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-24829 1Wp Buy 1Visitor Traffic Real Time Statistics Nov 21, 2024 Nov 8, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 The Visitor Traffic Real Time Statistics WordPress plugin before 3.9 does not validate and escape user input passed to the today_traffic_index AJAX action (available to any authenticated users) before using it in a SQL s...Show more The Visitor Traffic Real Time Statistics WordPress plugin before 3.9 does not validate and escape user input passed to the today_traffic_index AJAX action (available to any authenticated users) before using it in a SQL statement, leading to an SQL injection issueShow less
CVE-2021-24193 1Wp Buy 1Visitor Traffic Real Time Statistics Nov 21, 2024 May 14, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Visitor Traffic Real Time Statistics WordPress plugin before 2.12, to install any plugin (including a specific version) from t...Show more Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Visitor Traffic Real Time Statistics WordPress plugin before 2.12, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.Show less
CVE-2019-15832 1Wp Buy 1Visitor Traffic Real Time Statistics Nov 21, 2024 Aug 30, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The visitors-traffic-real-time-statistics plugin before 1.13 for WordPress has CSRF.
CVE-2019-15831 1Wp Buy 1Visitor Traffic Real Time Statistics Nov 21, 2024 Aug 30, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The visitors-traffic-real-time-statistics plugin before 1.12 for WordPress has CSRF in the settings page.