Kentothemes

kentothemes

4 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Kento Post View Counter

kento-post-view-counter

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2016-15040 1Kentothemes 1Kento Post View Counter Dec 23, 2025 Oct 16, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The Kento Post View Counter plugin for WordPress is vulnerable to SQL Injection via the 'kento_pvc_geo' parameter in versions up to, and including, 2.8 due to insufficient escaping on the user supplied parameter and lack...Show more The Kento Post View Counter plugin for WordPress is vulnerable to SQL Injection via the 'kento_pvc_geo' parameter in versions up to, and including, 2.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.Show less
CVE-2016-10982 1Kentothemes 1Kento Post View Counter Nov 21, 2024 Sep 17, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The kento-post-view-counter plugin through 2.8 for WordPress has wp-admin/admin.php?page=kentopvc_settings CSRF.
CVE-2016-10981 1Kentothemes 1Kento Post View Counter Nov 21, 2024 Sep 17, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The kento-post-view-counter plugin through 2.8 for WordPress has stored XSS via kento_pvc_numbers_lang, kento_pvc_today_text, or kento_pvc_total_text.
CVE-2016-10980 1Kentothemes 1Kento Post View Counter Nov 21, 2024 Sep 17, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The kento-post-view-counter plugin through 2.8 for WordPress has XSS via kento_pvc_geo.