CVE-2021-24750
Description
The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as subscriber to perform SQL injection attacks
NVD
Severity: HIGH
CVE ID: CVE-2021-24750
CVSS Score: 8.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Proof Of Concept
Nuclei Templates for CVE-2021-24750
Refrence: Project Discovery GitHub
fimtow
Demonstration of the WP Visitor Statistics plugin exploit
Refrence: GitHub