Vulnerabilities and security researches forvisitors-traffic-real-time-statistics visitors-traffic-real-time-statistics
Direction: ascendingJun 06, 2024
Visitor Traffic Real Time Statistics # CVE-2021-24193
- CVE, Research URL
- Application
- Date
- May 14, 2021
- Research Description
- Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Visitor Traffic Real Time Statistics WordPress plugin before 2.12, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.
- Affected versions
-
max 2.12.
- Status
-
vulnerable
Visitor Traffic Real Time Statistics # CVE-2021-24192
- CVE, Research URL
- Application
- Date
- May 14, 2021
- Research Description
- Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Tree Sitemap WordPress plugin before 2.9, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.
- Affected versions
-
max 2.12.
- Status
-
vulnerable
Visitor Traffic Real Time Statistics # CVE-2021-24195
- CVE, Research URL
- Application
- Date
- May 14, 2021
- Research Description
- Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Login as User or Customer (User Switching) WordPress plugin before 1.8, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.
- Affected versions
-
max 2.12.
- Status
-
vulnerable
Visitor Traffic Real Time Statistics # CVE-2019-15831
- CVE, Research URL
- Application
- Date
- Aug 30, 2019
- Research Description
- The visitors-traffic-real-time-statistics plugin before 1.12 for WordPress has CSRF in the settings page.
- Affected versions
-
max 1.13.
- Status
-
vulnerable
Visitor Traffic Real Time Statistics # CVE-2021-24188
- CVE, Research URL
- Application
- Date
- May 14, 2021
- Research Description
- Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the WP Content Copy Protection & No Right Click WordPress plugin before 3.1.5, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.
- Affected versions
-
max 2.12.
- Status
-
vulnerable
Visitor Traffic Real Time Statistics # CVE-2019-15832
- CVE, Research URL
- Application
- Date
- Aug 30, 2019
- Research Description
- The visitors-traffic-real-time-statistics plugin before 1.13 for WordPress has CSRF.
- Affected versions
-
max 1.14.
- Status
-
vulnerable
Visitor Traffic Real Time Statistics # CVE-2021-24190
- CVE, Research URL
- Application
- Date
- May 14, 2021
- Research Description
- Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the WooCommerce Conditional Marketing Mailer WordPress plugin before 1.5.2, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.
- Affected versions
-
max 2.12.
- Status
-
vulnerable
Visitor Traffic Real Time Statistics # CVE-2021-24829
- CVE, Research URL
- Application
- Date
- Nov 08, 2021
- Research Description
- The Visitor Traffic Real Time Statistics WordPress plugin before 3.9 does not validate and escape user input passed to the today_traffic_index AJAX action (available to any authenticated users) before using it in a SQL statement, leading to an SQL injection issue
- Affected versions
-
max 3.9.
- Status
-
vulnerable
Visitor Traffic Real Time Statistics # CVE-2021-24191
- CVE, Research URL
- Application
- Date
- May 14, 2021
- Research Description
- Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the WP Maintenance Mode & Site Under Construction WordPress plugin before 1.8.2, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.
- Affected versions
-
max 2.12.
- Status
-
vulnerable
Visitor Traffic Real Time Statistics # CVE-2021-24194
- CVE, Research URL
- Application
- Date
- May 14, 2021
- Research Description
- Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Login Protection - Limit Failed Login Attempts WordPress plugin before 2.9, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.
- Affected versions
-
max 2.12.
- Status
-
vulnerable
Visitor Traffic Real Time Statistics # CVE-2021-24189
- CVE, Research URL
- Application
- Date
- May 14, 2021
- Research Description
- Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Captchinoo, Google recaptcha for admin login page WordPress plugin before 2.4, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.
- Affected versions
-
max 2.12.
- Status
-
vulnerable
Jun 10, 2024
Visitor Traffic Real Time Statistics # CVE-2023-47557
- CVE, Research URL
- Application
- Date
- Jan 02, 2025
- Research Description
- Missing Authorization vulnerability in wp-buy Visitors Traffic Real Time Statistics visitors-traffic-real-time-statistics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Visitors Traffic Real Time Statistics: from n/a through <= 7.2.
- Affected versions
-
max 7.2.
- Status
-
vulnerable
Apr 13, 2026
Visitor Traffic Real Time Statistics # CVE-2026-2936
- CVE, Research URL
- Application
- Date
- Apr 04, 2026
- Research Description
- The Visitor Traffic Real Time Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'page_title' parameter in all versions up to, and including, 8.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever an admin user accesses the Traffic by Title section.
- Affected versions
-
max 8.5.
- Status
-
vulnerable
Jun 16, 2026
Visitor Traffic Real Time Statistics # e8d4a97633d55dd8c46a212365ad808cf7c30224
- CVE, Research URL
- Application
- Date
- Apr 22, 2021
- Research Description
- Visitor Traffic Real Time Statistics [visitors-traffic-real-time-statistics] < 2.12 WordPress Visitor Traffic Real Time Statistics plugin <= 2.11 - Arbitrary Plugin Installation and Activation vulnerability Arbitrary Plugin Installation and Activation vulnerability discovered by Bugbang in WordPress Visitor Traffic Real Time Statistics plugin (versions <= 2.11).
- Affected versions
-
max 2.12.
- Status
-
vulnerable
Visitor Traffic Real Time Statistics # 3961132f-ecc1-4f41-83f1-3ac537143b38
- CVE, Research URL
- Application
- Date
- -
- Research Description
- Visitor Traffic Real Time Statistics [visitors-traffic-real-time-statistics] < 2.13 Multiple WP-Buy Plugins - Arbitrary Plugin Installation/Activation via CSRF The "cp_plugins_do_button_job_later_callback" AJAX action, from multiple plugins of the WP-Buy vendor, was lacking CSRF check, allowing attackers to make a logged in administrator install and active arbitrary plugins (including specific version) from the WordPress repository which could lead to more critical vulnerabilities like RCE.
- Affected versions
-
max 2.13.
- Status
-
vulnerable
Visitor Traffic Real Time Statistics # d55d0500d8a2618b43e8fa9d45f7c31c4efa802b
- CVE, Research URL
- Application
- Date
- Jul 04, 2019
- Research Description
- Visitor Traffic Real Time Statistics [visitors-traffic-real-time-statistics] < 1.13 WordPress Visitors Traffic Real Time Statistics plugin <= 1.12 - Cross-Site Request Forgery (CSRF) leading to Stored XSS/SQLi vulnerabilities Cross-Site Request Forgery (CSRF) vulnerability leading to Stored XSS/SQLi vulnerabilities found by Paul Dannewitz in WordPress Visitors Traffic Real Time Statistics plugin (versions <= 1.12).
- Affected versions
-
max 1.13.
- Status
-
vulnerable
Visitor Traffic Real Time Statistics # f63eb76442624247e0301d43c74528b703d8c4ff
- CVE, Research URL
- Application
- Date
- Apr 22, 2021
- Research Description
- Visitor Traffic Real Time Statistics [visitors-traffic-real-time-statistics] < 3.1 Visitor Traffic Real Time Statistics <= 2.13 - Cross-Site Request Forgery to Arbitrary Plugin Installation/Activation The Visitor Traffic Real Time Statistics Plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.13. This is due to missing or incorrect nonce validation on the 'cp_plugins_do_button_job_later_callback' AJAX action. This makes it possible for unauthenticated attackers to install and activate other plugins via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
- Affected versions
-
max 3.1.
- Status
-
vulnerable
Visitor Traffic Real Time Statistics # baffce5a6fc5e85197460aeb8e39c3c1d6321cac
- CVE, Research URL
- Application
- Date
- Jun 05, 2023
- Research Description
- Visitor Traffic Real Time Statistics [visitors-traffic-real-time-statistics] < 6.9 Visitor Traffic Real Time Statistics <= 6.7 - Missing Authorization to Information Disclosure The Visitor Traffic Real Time Statistics plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple AJAX functions in versions up to, and including, 6.7. This makes it possible for authenticated attackers to retrieve site statistics.
- Affected versions
-
max 6.9.
- Status
-
vulnerable