The WP Visitor Statistics (Real Time Traffic) WordPress plugin prior to 4.8 does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as subscriber to perform SQL injection attacks.
Vulnerable Product |
---|
wp visitor statistics (real time traffic) project wp visitor statistics (real time traffic) |
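A hardened handler for an AJAX action of this shape, as an added example that is not the plugin's own code or its actual fix. The function name, nonce action, table and column names, and the `manage_options` capability are assumptions made for illustration; only the `refDetails` action and the `refUrl` parameter come from the description above.

```php
<?php
// Added example: hypothetical handler, not the plugin's source.
// Assumed names: table {$wpdb->prefix}example_visits, columns visited_at,
// page, referrer_url; nonce action 'example_ref_details'.

// A wp_ajax_{action} hook is reachable by every logged-in role, subscriber included.
add_action( 'wp_ajax_refDetails', 'example_ref_details' );

function example_ref_details() {
    global $wpdb;

    // 1. CSRF check: stops the request unless a valid nonce is present.
    check_ajax_referer( 'example_ref_details', 'nonce' );

    // 2. Authorization: the hook only proves the user is logged in, so
    //    require a capability (assumed here: statistics are admin-only).
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // 3. Input handling: WordPress adds slashes to $_POST, so unslash first,
    //    then normalise the value as a URL and reject empty results.
    $ref_url = isset( $_POST['refUrl'] )
        ? esc_url_raw( wp_unslash( $_POST['refUrl'] ) )
        : '';
    if ( '' === $ref_url ) {
        wp_send_json_error( array( 'message' => 'Invalid refUrl' ), 400 );
    }

    $table = $wpdb->prefix . 'example_visits'; // built from trusted values only

    // Unsafe pattern (the bug class described above): request data
    // concatenated straight into the SQL string.
    // $sql = "SELECT ... WHERE referrer_url = '" . $_POST['refUrl'] . "'";

    // 4. Safe pattern: prepare() escapes and quotes the value behind %s,
    //    so it cannot change the structure of the statement.
    $rows = $wpdb->get_results(
        $wpdb->prepare(
            "SELECT visited_at, page FROM {$table} WHERE referrer_url = %s LIMIT 100",
            $ref_url
        ),
        ARRAY_A
    );

    wp_send_json_success( $rows );
}
```

`esc_url_raw()` alone does not make a value safe for SQL; the `prepare()` call is what closes the injection, and the capability check is what removes the endpoint from low-privilege roles.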