Advanced Page Visit Counter Project

Advanced Page Visit Counter

2 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2021-25086

Exploit
  • EPSS 21.64%
  • Published 02.05.2022 16:15:08
  • Last modified 21.11.2024 05:54:19

The Advanced Page Visit Counter WordPress plugin before 6.1.2 does not sanitise and escape some input before outputting it in an admin dashboard page, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against admins viewing i...

8.8

CVE-2021-24957

Exploit
  • EPSS 0.95%
  • Published 25.04.2022 16:16:07
  • Last modified 21.11.2024 05:54:04

The Advanced Page Visit Counter WordPress plugin before 6.1.6 does not escape the artID parameter before using it in a SQL statement in the apvc_reset_count_art AJAX action, available to any authenticated user, leading to a SQL injection