Lucene search

Visitor Traffic Real Time Statistics Security Vulnerabilities

cve

CVE-2019-15831

The visitors-traffic-real-time-statistics plugin before 1.12 for WordPress has CSRF in the settings page.

8.8CVSS

8.7AI Score

0.001EPSS

2019-08-30 02:15 PM

cve

CVE-2019-15832

The visitors-traffic-real-time-statistics plugin before 1.13 for WordPress has CSRF.

8.8CVSS

8.7AI Score

0.001EPSS

2019-08-30 02:15 PM

cve

CVE-2021-24193

Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Visitor Traffic Real Time Statistics WordPress plugin before 2.12, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, w...

8.8CVSS

8.6AI Score

0.001EPSS

2021-05-14 12:15 PM

cve

CVE-2021-24829

The Visitor Traffic Real Time Statistics WordPress plugin before 3.9 does not validate and escape user input passed to the today_traffic_index AJAX action (available to any authenticated users) before using it in a SQL statement, leading to an SQL injection issue

8.8CVSS

8.9AI Score

0.001EPSS

2021-11-08 06:15 PM