cleantalk
Vulnerabilities and Security Researches

StatCounter – Free Real Time Visitor Stats, CVE-2021-24920

CVE, Research URL

CVE-2021-24920

Home page URL

Security reports for StatCounter – Free Real Time Visitor Stats

Application

StatCounter – Free Real Time Visitor Stats

Published on
Feb 28, 2022
Research Description
The StatCounter WordPress plugin before 2.0.7 does not sanitise and escape the Project ID and Secure Code settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Affected versions
max 2.0.7.
Status
vulnerable
Previous vulnerability researches
StatCounter – Free Real Time Visitor Stats (CVE-2025-13048) , Mar 29, 2026
StatCounter – Free Real Time Visitor Stats (CVE-2021-24920) , Jun 06, 2024
New vulnerability
Subscriptions for WooCommerce – Subscription Plugin for Collecting Recurring Revenue, Sell Membership Subscription Servic (CVE-2026-24372) , Mar 29, 2026
Meta Box – WordPress Custom Fields Framework (CVE-2025-14675) , Mar 29, 2026
Admin and Site Enhancements (ASE) (CVE-2026-32423) , Mar 29, 2026
Royal Elementor Addons and Templates (CVE-2026-28135) , Mar 29, 2026
Royal Elementor Addons and Templates (CVE-2025-13067) , Mar 29, 2026