CVE-2026-2936
- EPSS 0.02%
- Veröffentlicht 04.04.2026 11:16:16
- Zuletzt bearbeitet 07.04.2026 13:20:55
The Visitor Traffic Real Time Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'page_title' parameter in all versions up to, and including, 8.4 due to insufficient input sanitization and output escaping. This makes...
CVE-2021-24829
- EPSS 0.95%
- Veröffentlicht 08.11.2021 18:15:10
- Zuletzt bearbeitet 21.11.2024 05:53:50
The Visitor Traffic Real Time Statistics WordPress plugin before 3.9 does not validate and escape user input passed to the today_traffic_index AJAX action (available to any authenticated users) before using it in a SQL statement, leading to an SQL in...
CVE-2021-24193
- EPSS 0.6%
- Veröffentlicht 14.05.2021 12:15:08
- Zuletzt bearbeitet 21.11.2024 05:52:33
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Visitor Traffic Real Time Statistics WordPress plugin before 2.12, to install any plugin (including a specific version) from the WordPress repository, as we...
CVE-2019-15831
- EPSS 0.11%
- Veröffentlicht 30.08.2019 14:15:10
- Zuletzt bearbeitet 21.11.2024 04:29:33
The visitors-traffic-real-time-statistics plugin before 1.12 for WordPress has CSRF in the settings page.
CVE-2019-15832
- EPSS 0.2%
- Veröffentlicht 30.08.2019 14:15:10
- Zuletzt bearbeitet 21.11.2024 04:29:34
The visitors-traffic-real-time-statistics plugin before 1.13 for WordPress has CSRF.