VYPR

Visitors

by WordPress

CVEs (2)

  • CVE-2022-4541HigSep 26, 2024
    risk 0.47cvss 7.2epss 0.00

    The WordPress Visitors plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a spoofed HTTP Header value in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to…

  • CVE-2021-24350MedJun 14, 2021
    risk 0.40cvss 6.1epss 0.01

    The Visitors WordPress plugin through 0.3 is affected by an Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. The plugin would display the user's user agent string without validation or encoding within the WordPress admin panel.