CVE-2021-24750

CVE-2021-24750: WP Visitor Statistics (Real Time Traffic) < 4.8 - Subscriber+ SQL Injection

Vendor Unknown

Product WP Visitor Statistics (Real Time Traffic)

Weakness CWE-89 · SQLi

Published December 21, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as subscriber to perform SQL injection attacks

Key dates

02Disclosure timeline

December 21, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24750

Related vulnerabilities

04Related CVE

CVE-2024-10856 Booking Calendar WpDevArt <= 3.2.19 - Authenticated (Contributor+) SQL Injection CVE-2025-0946 itsourcecode Tailoring Management System templatedelete.php sql injection CVE-2024-31355 WordPress Slideshow Gallery LITE plugin <= 1.7.8 - Auth. SQL Injection vulnerability CVE-2026-0585 code-projects Online Product Reservation System GET Parameter order_view.php sql injection CVE-2026-26001 GLPI Inventory Plugin has SQL Injection on dropdown_calendar Report