Vulnerabilities and security researches forwp-stats-manager wp-stats-manager

Jun 06, 2024

CVE, Research URL: CVE-2022-33965
Home page URL: Security reports for WP Visitor Statistics (Real Time Traffic)
Application: WP Visitor Statistics (Real Time Traffic)
Date: Jul 25, 2022
Research Description: Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities in Osamaesh WP Visitor Statistics plugin <= 5.7 at WordPress.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-0600
Home page URL: Security reports for WP Visitor Statistics (Real Time Traffic)
Application: WP Visitor Statistics (Real Time Traffic)
Date: May 15, 2023
Research Description: The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 6.9 does not escape user input which is concatenated to an SQL query, allowing unauthenticated visitors to conduct SQL Injection attacks.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2022-0410
Home page URL: Security reports for WP Visitor Statistics (Real Time Traffic)
Application: WP Visitor Statistics (Real Time Traffic)
Date: Mar 07, 2022
Research Description: The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 5.6 does not sanitise and escape the id parameter before using it in a SQL statement via the refUrlDetails AJAX action, available to any authenticated user, leading to a SQL injection
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2022-4656
Home page URL: Security reports for WP Visitor Statistics (Real Time Traffic)
Application: WP Visitor Statistics (Real Time Traffic)
Date: Feb 13, 2023
Research Description: The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 6.5 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2021-24750
Home page URL: Security reports for WP Visitor Statistics (Real Time Traffic)
Application: WP Visitor Statistics (Real Time Traffic)
Date: Dec 21, 2021
Research Description: The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as subscriber to perform SQL injection attacks
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-24867
Home page URL: Security reports for WP Visitor Statistics (Real Time Traffic)
Application: WP Visitor Statistics (Real Time Traffic)
Date: Mar 17, 2024
Research Description: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Osamaesh WP Visitor Statistics (Real Time Traffic).This issue affects WP Visitor Statistics (Real Time Traffic): from n/a through 6.9.4.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2021-25042
Home page URL: Security reports for WP Visitor Statistics (Real Time Traffic)
Application: WP Visitor Statistics (Real Time Traffic)
Date: Feb 28, 2022
Research Description: The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 5.5 does not have authorisation and CSRF checks in the updateIpAddress AJAX action, allowing any authenticated user to call it, or make a logged in user do it via a CSRF attack and add an arbitrary IP address to exclude. Furthermore, due to the lack of validation, sanitisation and escaping, users could set a malicious value and perform Cross-Site Scripting attacks against logged in admin
Affected versions: Min -, max -.
Status: vulnerable

Jan 09, 2025

CVE, Research URL: CVE-2025-22304
Home page URL: Security reports for WP Visitor Statistics (Real Time Traffic)
Application: WP Visitor Statistics (Real Time Traffic)
Date: Jan 07, 2025
Research Description: Missing Authorization vulnerability in osamaesh WP Visitor Statistics (Real Time Traffic) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Visitor Statistics (Real Time Traffic): from n/a through 7.3.
Affected versions: Min -, max -.
Status: vulnerable

Jan 25, 2025

CVE, Research URL: CVE-2025-24675
Home page URL: Security reports for WP Visitor Statistics (Real Time Traffic)
Application: WP Visitor Statistics (Real Time Traffic)
Date: Jan 24, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in osamaesh WP Visitor Statistics (Real Time Traffic) allows Stored XSS. This issue affects WP Visitor Statistics (Real Time Traffic): from n/a through 7.2.
Affected versions: Min -, max -.
Status: vulnerable

Jun 24, 2025

CVE, Research URL: CVE-2025-49996
Home page URL: Security reports for WP Visitor Statistics (Real Time Traffic)
Application: WP Visitor Statistics (Real Time Traffic)
Date: Jun 20, 2025
Research Description: Missing Authorization vulnerability in osama.esh WP Visitor Statistics (Real Time Traffic) allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP Visitor Statistics (Real Time Traffic): from n/a through 7.8.
Affected versions: Min -, max -.
Status: vulnerable