Описание
The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 6.9 does not escape user input which is concatenated to an SQL query, allowing unauthenticated visitors to conduct SQL Injection attacks.
Уязвимые конфигурации
Конфигурация 1Версия до 6.9 (исключая)
cpe:2.3:a:plugins-market:wp_visitor_statistics:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 99%
0.77404
Высокий
9.8 Critical
CVSS3
Дефекты
Связанные уязвимости
CVSS3: 9.8
github
больше 2 лет назад
The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 6.9 does not escape user input which is concatenated to an SQL query, allowing unauthenticated visitors to conduct SQL Injection attacks.
EPSS
Процентиль: 99%
0.77404
Высокий
9.8 Critical
CVSS3