VYPR

Visitors Traffic Real Time Statistics

by WordPress

Source repositories

CVEs (13)

  • CVE-2025-49400CriAug 20, 2025
    risk 0.64cvss 9.8epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in osama.esh WP Visitor Statistics (Real Time Traffic) allows Stored XSS. This issue affects WP Visitor Statistics (Real Time Traffic): from n/a through 8.2.

  • CVE-2023-0600CriMay 15, 2023
    risk 0.64cvss 9.8epss 0.04

    The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 6.9 does not escape user input which is concatenated to an SQL query, allowing unauthenticated visitors to conduct SQL Injection attacks.

  • CVE-2022-0410HigMar 7, 2022
    risk 0.57cvss 8.8epss 0.01

    The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 5.6 does not sanitise and escape the id parameter before using it in a SQL statement via the refUrlDetails AJAX action, available to any authenticated user, leading to a SQL injection

  • CVE-2021-24829HigNov 8, 2021
    risk 0.57cvss 8.8epss 0.01

    The Visitor Traffic Real Time Statistics WordPress plugin before 3.9 does not validate and escape user input passed to the today_traffic_index AJAX action (available to any authenticated users) before using it in a SQL statement, leading to an SQL injection issue

  • CVE-2021-24193HigMay 14, 2021
    risk 0.57cvss 8.8epss 0.01

    Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Visitor Traffic Real Time Statistics WordPress plugin before 2.12, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary…

  • CVE-2019-15832HigAug 30, 2019
    risk 0.57cvss 8.8epss 0.01

    The visitors-traffic-real-time-statistics plugin before 1.13 for WordPress has CSRF.

  • CVE-2019-15831HigAug 30, 2019
    risk 0.57cvss 8.8epss 0.01

    The visitors-traffic-real-time-statistics plugin before 1.12 for WordPress has CSRF in the settings page.

  • CVE-2025-67983MedDec 16, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in osama.esh WP Visitor Statistics (Real Time Traffic) wp-stats-manager allows DOM-Based XSS.This issue affects WP Visitor Statistics (Real Time Traffic): from n/a through <= 8.3.

  • CVE-2025-53566MedJul 4, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in osama.esh WP Visitor Statistics (Real Time Traffic) wp-stats-manager allows Stored XSS.This issue affects WP Visitor Statistics (Real Time Traffic): from n/a through <= 7.8.

  • CVE-2025-24675MedJan 24, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in osama.esh WP Visitor Statistics (Real Time Traffic) wp-stats-manager allows Stored XSS.This issue affects WP Visitor Statistics (Real Time Traffic): from n/a through <= 7.2.

  • CVE-2022-4656MedFeb 13, 2023
    risk 0.35cvss 5.4epss 0.00

    The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 6.5 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.

  • CVE-2021-25042MedFeb 28, 2022
    risk 0.35cvss 5.4epss 0.01

    The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 5.5 does not have authorisation and CSRF checks in the updateIpAddress AJAX action, allowing any authenticated user to call it, or make a logged in user do it via a CSRF attack and add an arbitrary IP address…

  • CVE-2023-47557MedJan 2, 2025
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in wp-buy Visitors Traffic Real Time Statistics visitors-traffic-real-time-statistics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Visitors Traffic Real Time Statistics: from n/a through <= 7.2.