The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as subscriber to perform SQL injection attacks
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2021-12-21T08:45:29
Updated: 2024-08-03T19:42:16.622Z
Reserved: 2021-01-14T00:00:00
Link: CVE-2021-24750
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-12-21T09:15:06.987
Modified: 2024-11-21T05:53:41.390
Link: CVE-2021-24750
Redhat
No data.