Search
Search Results (5 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-2936 | 2 Wordpress, Wp-buy | 2 Wordpress, Visitor Traffic Real Time Statistics | 2026-04-06 | 7.2 High |
| The Visitor Traffic Real Time Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'page_title' parameter in all versions up to, and including, 8.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever an admin user accesses the Traffic by Title section. | ||||
| CVE-2021-24829 | 1 Wp-buy | 1 Visitor Traffic Real Time Statistics | 2024-11-21 | 8.8 High |
| The Visitor Traffic Real Time Statistics WordPress plugin before 3.9 does not validate and escape user input passed to the today_traffic_index AJAX action (available to any authenticated users) before using it in a SQL statement, leading to an SQL injection issue | ||||
| CVE-2021-24193 | 1 Wp-buy | 1 Visitor Traffic Real Time Statistics | 2024-11-21 | 8.8 High |
| Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Visitor Traffic Real Time Statistics WordPress plugin before 2.12, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE. | ||||
| CVE-2019-15832 | 1 Wp-buy | 1 Visitor Traffic Real Time Statistics | 2024-11-21 | N/A |
| The visitors-traffic-real-time-statistics plugin before 1.13 for WordPress has CSRF. | ||||
| CVE-2019-15831 | 1 Wp-buy | 1 Visitor Traffic Real Time Statistics | 2024-11-21 | N/A |
| The visitors-traffic-real-time-statistics plugin before 1.12 for WordPress has CSRF in the settings page. | ||||
Page 1 of 1.