exploitDog

CVE-2021-24829

Опубликовано: 08 нояб. 2021

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

The Visitor Traffic Real Time Statistics WordPress plugin before 3.9 does not validate and escape user input passed to the today_traffic_index AJAX action (available to any authenticated users) before using it in a SQL statement, leading to an SQL injection issue

Ссылки

https://wpscan.com/vulnerability/cc6585c8-5798-48a1-89f7-a3337f56df3f
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/cc6585c8-5798-48a1-89f7-a3337f56df3f
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wp-buy:visitor_traffic_real_time_statistics:*:*:*:*:*:wordpress:*:*

Версия до 3.9 (исключая)

EPSS

Процентиль: 72%

0.00703

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89

CWE-89

Связанные уязвимости

GHSA-pchr-vw8h-5h7w

github

больше 3 лет назад

The Visitor Traffic Real Time Statistics WordPress plugin before 3.9 does not validate and escape user input passed to the today_traffic_index AJAX action (available to any authenticated users) before using it in a SQL statement, leading to an SQL injection issue

EPSS

Процентиль: 72%

0.00703

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89

CWE-89