Advanced Page Visit Counter Project: >> Advanced Page Visit Counter Security Vulnerabilities
The Advanced Page Visit Counter WordPress plugin before 6.1.2 does not sanitise and escape some input before outputting it in an admin dashboard page, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against admins viewing it
CVSS Score
6.1
EPSS Score
0.216
Published
2022-05-02
The Advanced Page Visit Counter WordPress plugin before 6.1.6 does not escape the artID parameter before using it in a SQL statement in the apvc_reset_count_art AJAX action, available to any authenticated user, leading to a SQL injection
CVSS Score
8.8
EPSS Score
0.003
Published
2022-04-25