MidnightBSD

Advisories for advanced_page_visit_counter_project

CVE-2021-24957 MEDIUM

The Advanced Page Visit Counter WordPress plugin before 6.1.6 does not escape the artID parameter before using it in a SQL statement in the apvc_reset_count_art AJAX action, available to any authenticated user, leading to a SQL injection

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
advanced_page_visit_counter_project advanced_page_visit_counter *
CVE-2021-25086 MEDIUM

The Advanced Page Visit Counter WordPress plugin before 6.1.2 does not sanitise and escape some input before outputting it in an admin dashboard page, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against admins viewing it

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
advanced_page_visit_counter_project advanced_page_visit_counter *