Description
The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 6.9 does not escape user input which is concatenated to an SQL query, allowing unauthenticated visitors to conduct SQL Injection attacks.
Published: 2023-05-15
Score: 9.8 Critical
EPSS: 77.4% High
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 06 Mar 2026 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Codepress
Codepress visitor Statistics
Weaknesses CWE-89
CPEs cpe:2.3:a:plugins-market:wp_visitor_statistics:*:*:*:*:*:wordpress:*:* cpe:2.3:a:codepress:visitor_statistics:*:*:*:*:-:wordpress:*:*
Vendors & Products Plugins-market
Plugins-market wp Visitor Statistics
Codepress
Codepress visitor Statistics

Fri, 24 Jan 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Subscriptions

Codepress Visitor Statistics
cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published:

Updated: 2025-01-24T20:22:17.142Z

Reserved: 2023-01-31T19:04:31.711Z

Link: CVE-2023-0600

cve-icon Vulnrichment

Updated: 2024-08-02T05:17:50.061Z

cve-icon NVD

Status : Analyzed

Published: 2023-05-15T13:15:09.867

Modified: 2026-03-06T19:34:08.807

Link: CVE-2023-0600

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses