CVE-2021-24750 (GCVE-0-2021-24750)

Vulnerability from cvelistv5 – Published: 2021-12-21 08:45 – Updated: 2024-08-03 19:42
VLAI?
Title
WP Visitor Statistics (Real Time Traffic) < 4.8 - Subscriber+ SQL Injection
Summary
The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as subscriber to perform SQL injection attacks
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
Vendor Product Version
Unknown WP Visitor Statistics (Real Time Traffic) Affected: 4.8 , < 4.8 (custom)
Create a notification for this product.
Credits
Krzysztof Zając
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:42:16.622Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/7528aded-b8c9-4833-89d6-9cd7df3620de"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/changeset/2622268"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165433/WordPress-WP-Visitor-Statistics-4.7-SQL-Injection.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "WP Visitor Statistics (Real Time Traffic)",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "4.8",
              "status": "affected",
              "version": "4.8",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Krzysztof Zaj\u0105c"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as subscriber to perform SQL injection attacks"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89 SQL Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-05T18:06:16",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpscan.com/vulnerability/7528aded-b8c9-4833-89d6-9cd7df3620de"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://plugins.trac.wordpress.org/changeset/2622268"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/165433/WordPress-WP-Visitor-Statistics-4.7-SQL-Injection.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "WP Visitor Statistics (Real Time Traffic) \u003c 4.8 - Subscriber+ SQL Injection",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2021-24750",
          "STATE": "PUBLIC",
          "TITLE": "WP Visitor Statistics (Real Time Traffic) \u003c 4.8 - Subscriber+ SQL Injection"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "WP Visitor Statistics (Real Time Traffic)",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "4.8",
                            "version_value": "4.8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Unknown"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Krzysztof Zaj\u0105c"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as subscriber to perform SQL injection attacks"
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-89 SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpscan.com/vulnerability/7528aded-b8c9-4833-89d6-9cd7df3620de",
              "refsource": "MISC",
              "url": "https://wpscan.com/vulnerability/7528aded-b8c9-4833-89d6-9cd7df3620de"
            },
            {
              "name": "https://plugins.trac.wordpress.org/changeset/2622268",
              "refsource": "CONFIRM",
              "url": "https://plugins.trac.wordpress.org/changeset/2622268"
            },
            {
              "name": "http://packetstormsecurity.com/files/165433/WordPress-WP-Visitor-Statistics-4.7-SQL-Injection.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/165433/WordPress-WP-Visitor-Statistics-4.7-SQL-Injection.html"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2021-24750",
    "datePublished": "2021-12-21T08:45:29",
    "dateReserved": "2021-01-14T00:00:00",
    "dateUpdated": "2024-08-03T19:42:16.622Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wp_visitor_statistics_\\\\(real_time_traffic\\\\)_project:wp_visitor_statistics_\\\\(real_time_traffic\\\\):*:*:*:*:*:wordpress:*:*\", \"versionEndExcluding\": \"4.8\", \"matchCriteriaId\": \"91F932C5-1354-41E3-92CB-E15F399438ED\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as subscriber to perform SQL injection attacks\"}, {\"lang\": \"es\", \"value\": \"El plugin WP Visitor Statistics (Real Time Traffic) de WordPress versiones anteriores a 4.8, no sanea y escapa correctamente de la refUrl en la acci\\u00f3n refDetails AJAX, disponible para cualquier usuario autenticado, que podr\\u00eda permitir a usuarios con un rol tan bajo como el de suscriptor llevar a cabo ataques de inyecci\\u00f3n SQL\"}]",
      "id": "CVE-2021-24750",
      "lastModified": "2024-11-21T05:53:41.390",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2021-12-21T09:15:06.987",
      "references": "[{\"url\": \"http://packetstormsecurity.com/files/165433/WordPress-WP-Visitor-Statistics-4.7-SQL-Injection.html\", \"source\": \"contact@wpscan.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://plugins.trac.wordpress.org/changeset/2622268\", \"source\": \"contact@wpscan.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://wpscan.com/vulnerability/7528aded-b8c9-4833-89d6-9cd7df3620de\", \"source\": \"contact@wpscan.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/165433/WordPress-WP-Visitor-Statistics-4.7-SQL-Injection.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://plugins.trac.wordpress.org/changeset/2622268\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://wpscan.com/vulnerability/7528aded-b8c9-4833-89d6-9cd7df3620de\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "contact@wpscan.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"contact@wpscan.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-89\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-89\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-24750\",\"sourceIdentifier\":\"contact@wpscan.com\",\"published\":\"2021-12-21T09:15:06.987\",\"lastModified\":\"2024-11-21T05:53:41.390\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as subscriber to perform SQL injection attacks\"},{\"lang\":\"es\",\"value\":\"El plugin WP Visitor Statistics (Real Time Traffic) de WordPress versiones anteriores a 4.8, no sanea y escapa correctamente de la refUrl en la acci\u00f3n refDetails AJAX, disponible para cualquier usuario autenticado, que podr\u00eda permitir a usuarios con un rol tan bajo como el de suscriptor llevar a cabo ataques de inyecci\u00f3n SQL\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"contact@wpscan.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wp_visitor_statistics_\\\\(real_time_traffic\\\\)_project:wp_visitor_statistics_\\\\(real_time_traffic\\\\):*:*:*:*:*:wordpress:*:*\",\"versionEndExcluding\":\"4.8\",\"matchCriteriaId\":\"91F932C5-1354-41E3-92CB-E15F399438ED\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/165433/WordPress-WP-Visitor-Statistics-4.7-SQL-Injection.html\",\"source\":\"contact@wpscan.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://plugins.trac.wordpress.org/changeset/2622268\",\"source\":\"contact@wpscan.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://wpscan.com/vulnerability/7528aded-b8c9-4833-89d6-9cd7df3620de\",\"source\":\"contact@wpscan.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/165433/WordPress-WP-Visitor-Statistics-4.7-SQL-Injection.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://plugins.trac.wordpress.org/changeset/2622268\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://wpscan.com/vulnerability/7528aded-b8c9-4833-89d6-9cd7df3620de\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.