Codepress Visitor Statistics — known CVE vulnerabilities
Every CVE whose affected-product data names Codepress Visitor Statistics, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2023-0600 — CVSS 9.8 (critical): The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 6.9 does not escape user input which is concatenated to an SQL query…
CVE-2022-0410 — CVSS 8.8 (high): The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 5.6 does not sanitise and escape the id parameter before using it in…
CVE-2021-24750 — CVSS 8.8 (high): The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 does not properly sanitise and escape the refUrl in the…
CVE-2022-4656 — CVSS 5.4 (medium): The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 6.5 does not validate and escape one of its shortcode attributes…
CVE-2021-25042 — CVSS 5.4 (medium): The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 5.5 does not have authorisation and CSRF checks in the…
CVE-2024-24867 — CVSS 5.3 (medium): Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Osamaesh WP Visitor Statistics (Real Time Traffic).This issue…