SQL Injection in Wp Visitor Statistics (Real Time Traffic)

CVE-2021-24750

The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as su…

Vulnerability class: SQL Injection

EPSS: 0.643 (98.5th percentile)

Affected products

  • Unknown Wp Visitor Statistics (Real Time Traffic) — versions 4.8

Frequently asked questions

What is CVE-2021-24750?
CVE-2021-24750 is a vulnerability in Wp Visitor Statistics (Real Time Traffic), classified under SQL Injection. Published 2021-12-21.

Is CVE-2021-24750 known to be exploited?
22 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.