CVE-2021-24750

Description

The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as subscriber to perform SQL injection attacks

NVD
Severity: HIGH
CVE ID: CVE-2021-24750
CVSS Score: 8.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Refrence: NVD MITRE

Proof Of Concept

Nuclei Templates for CVE-2021-24750

Refrence: Project Discovery GitHub

fimtow

Demonstration of the WP Visitor Statistics plugin exploit

Refrence: GitHub

Description​

Proof Of Concept​

Description

Proof Of Concept