Vulnerabilities and security researches forkama-clic-counter kama-clic-counter

Jun 07, 2024

CVE, Research URL: CVE-2017-20103
Home page URL: Security reports for Kama Click Counter
Application: Kama Click Counter
Date: Jun 28, 2022
Research Description: A vulnerability classified as critical has been found in Kama Click Counter Plugin up to 3.4.8. This affects an unknown part of the file wp-admin/admin.php. The manipulation of the argument order_by/order with the input ASC%2c(select*from(select(sleep(2)))a) leads to sql injection (Blind). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.4.9 is able to address this issue. It is recommended to upgrade the affected component.
Affected versions: max 3.4.8.
Status: vulnerable

CVE, Research URL: CVE-2017-18614
Home page URL: Security reports for Kama Click Counter
Application: Kama Click Counter
Date: Sep 13, 2019
Research Description: The kama-clic-counter plugin 3.4.9 for WordPress has SQL injection via the admin.php order parameter.
Affected versions: max 3.5.0.
Status: vulnerable

CVE, Research URL: CVE-2017-18615
Home page URL: Security reports for Kama Click Counter
Application: Kama Click Counter
Date: Sep 13, 2019
Research Description: The kama-clic-counter plugin before 3.5.0 for WordPress has XSS.
Affected versions: max 3.5.0.
Status: vulnerable

Jun 15, 2025

CVE, Research URL: CVE-2025-49861
Home page URL: Security reports for Kama Click Counter
Application: Kama Click Counter
Date: -
Research Description: Kama Click Counter [kama-clic-counter] < 4.0.4 CVE-2025-49861
Affected versions: max 4.0.4.
Status: vulnerable