Search criteria
1 vulnerability by wp_visitor_statistics_\(real_time_traffic\)_project
CVE-2021-24750 (GCVE-0-2021-24750)
Vulnerability from cvelistv5 – Published: 2021-12-21 08:45 – Updated: 2024-08-03 19:42
VLAI?
Title
WP Visitor Statistics (Real Time Traffic) < 4.8 - Subscriber+ SQL Injection
Summary
The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as subscriber to perform SQL injection attacks
Severity ?
No CVSS data available.
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | WP Visitor Statistics (Real Time Traffic) |
Affected:
4.8 , < 4.8
(custom)
|
Credits
Krzysztof Zając
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:42:16.622Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/7528aded-b8c9-4833-89d6-9cd7df3620de"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2622268"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165433/WordPress-WP-Visitor-Statistics-4.7-SQL-Injection.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WP Visitor Statistics (Real Time Traffic)",
"vendor": "Unknown",
"versions": [
{
"lessThan": "4.8",
"status": "affected",
"version": "4.8",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Krzysztof Zaj\u0105c"
}
],
"descriptions": [
{
"lang": "en",
"value": "The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as subscriber to perform SQL injection attacks"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-05T18:06:16",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/7528aded-b8c9-4833-89d6-9cd7df3620de"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://plugins.trac.wordpress.org/changeset/2622268"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/165433/WordPress-WP-Visitor-Statistics-4.7-SQL-Injection.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WP Visitor Statistics (Real Time Traffic) \u003c 4.8 - Subscriber+ SQL Injection",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24750",
"STATE": "PUBLIC",
"TITLE": "WP Visitor Statistics (Real Time Traffic) \u003c 4.8 - Subscriber+ SQL Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WP Visitor Statistics (Real Time Traffic)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "4.8",
"version_value": "4.8"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Krzysztof Zaj\u0105c"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as subscriber to perform SQL injection attacks"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/7528aded-b8c9-4833-89d6-9cd7df3620de",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/7528aded-b8c9-4833-89d6-9cd7df3620de"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/2622268",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2622268"
},
{
"name": "http://packetstormsecurity.com/files/165433/WordPress-WP-Visitor-Statistics-4.7-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/165433/WordPress-WP-Visitor-Statistics-4.7-SQL-Injection.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24750",
"datePublished": "2021-12-21T08:45:29",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:42:16.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}