cleantalk
Vulnerabilities and Security Researches

Kama Click Counter, CVE-2017-20103

CVE, Research URL

CVE-2017-20103

Home page URL

Security reports for Kama Click Counter

Application

Kama Click Counter

Published on
Jun 28, 2022
Research Description
A vulnerability classified as critical has been found in Kama Click Counter Plugin up to 3.4.8. This affects an unknown part of the file wp-admin/admin.php. The manipulation of the argument order_by/order with the input ASC%2c(select*from(select(sleep(2)))a) leads to sql injection (Blind). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.4.9 is able to address this issue. It is recommended to upgrade the affected component.
Affected versions
max 3.4.8.
Status
vulnerable
Previous vulnerability researches
Kama Click Counter (CVE-2017-20103) , Jun 07, 2024
Kama Click Counter (CVE-2017-18614) , Jun 07, 2024
Kama Click Counter (CVE-2017-18615) , Jun 07, 2024
Kama Click Counter (CVE-2025-49861) , Jun 15, 2025
New vulnerability
OOPSpam Anti-Spam (CVE-2026-32544) , Mar 31, 2026
NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor (CVE-2026-27042) , Mar 31, 2026
The Conference (CVE-2026-32335) , Mar 31, 2026
WP Booking System – Booking Calendar (CVE-2025-68515) , Mar 31, 2026
UPI QR Code Payment Gateway for WooCommerce (CVE-2025-67969) , Mar 31, 2026