VYPR

Kento Post View Counter

by WordPress

CVEs (4)

  • CVE-2016-15040CriOct 16, 2024
    risk 0.64cvss 9.8epss 0.01

    The Kento Post View Counter plugin for WordPress is vulnerable to SQL Injection via the 'kento_pvc_geo' parameter in versions up to, and including, 2.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This…

  • CVE-2016-10982HigSep 17, 2019
    risk 0.57cvss 8.8epss 0.01

    The kento-post-view-counter plugin through 2.8 for WordPress has wp-admin/admin.php?page=kentopvc_settings CSRF.

  • CVE-2016-10981MedSep 17, 2019
    risk 0.40cvss 6.1epss 0.01

    The kento-post-view-counter plugin through 2.8 for WordPress has stored XSS via kento_pvc_numbers_lang, kento_pvc_today_text, or kento_pvc_total_text.

  • CVE-2016-10980MedSep 17, 2019
    risk 0.40cvss 6.1epss 0.01

    The kento-post-view-counter plugin through 2.8 for WordPress has XSS via kento_pvc_geo.