The WP Visitor Statistics (Real Time Traffic) WordPress plugin prior to 5.6 does not sanitise and escape the id parameter before using it in a SQL statement via the refUrlDetails AJAX action, available to any authenticated user, leading to a SQL injection.
Vulnerable Product |
---|
wp visitor statistics project wp visitor statistics |