Visitor statistics Vulnerabilities
Security vulnerability tracking for Codepress Visitor statistics
7
2
6
0
Vulnerability Timeline
7 vulnerabilities discovered over time for Visitor statistics
Severity Distribution
| Description | Vendor / Product | Exploit Status | |||
|---|---|---|---|---|---|
| CVE-2024-24867 | 7.5 | This vulnerability allows an attacker to access sensitive information from the WP Visitor Statistics plugin, potentially exposing user data and site activity. It affects versions up to 6.9.4, so sites using this plugin without updates are at risk. | codepressvisitor statistics | Exploit Available | about 2 years agoMar 17, 2024 |
| CVE-2023-0600 | 9.8 | This vulnerability allows attackers to execute unauthorized SQL commands on the database of websites using the WP Visitor Statistics plugin, potentially exposing sensitive data. It can be exploited by anyone visiting the site, as no authentication is required to launch the attack. | codepressvisitor statistics | Exploit Available | almost 3 years agoMay 15, 2023 |
| CVE-2022-4656 | 5.4 | This vulnerability allows an attacker with a low-level user role, like a contributor, to inject malicious scripts into the website, potentially leading to unauthorized actions or data theft. It occurs because the plugin fails to properly check and clean up certain inputs, making it easier for attackers to exploit. | codepressvisitor statistics | Exploit Available | about 3 years agoFeb 13, 2023 |
| CVE-2022-33965 | 9.8 | This vulnerability allows an attacker to access and manipulate the database of a WordPress site using the Osamaesh WP Visitor Statistics plugin, potentially exposing sensitive information or altering data. It can be exploited without needing to log in, making it particularly dangerous for any site using this plugin version 5.7 or earlier. | codepressvisitor statistics | Exploit Available | over 3 years agoJul 25, 2022 |
| CVE-2022-0410 | 8.8 | This vulnerability allows an attacker with an authenticated user account to manipulate the database by injecting malicious SQL code through a poorly handled parameter in the WP Visitor Statistics plugin. If exploited, this could lead to unauthorized access to sensitive data or even complete control over the database. | codepressvisitor statistics | Exploit Available | about 4 years agoMar 7, 2022 |
| CVE-2021-25042 | 5.4 | This vulnerability allows an attacker to add any IP address to the exclusion list of the WP Visitor Statistics plugin, potentially blocking legitimate traffic. It requires the attacker to be an authenticated user or to trick a logged-in user into executing the action, and it could also lead to malicious scripts being run in the admin area due to poor input handling. | codepressvisitor statistics | Theoretical | about 4 years agoFeb 28, 2022 |
| CVE-2021-24750 | 8.8 | This vulnerability allows an attacker, even with a low-level user role like a subscriber, to execute SQL injection attacks, which means they could manipulate the database to access or alter sensitive information. The issue arises from the plugin not properly cleaning up user input in a specific function, making it accessible to any authenticated user. | codepressvisitor statistics | Exploit Available | over 4 years agoDec 21, 2021 |
About Codepress Visitor statistics Security
This page provides comprehensive security vulnerability tracking for Codepress Visitor statistics. Our database includes all CVEs affecting this product, updated in real-time from official sources.
Each vulnerability listing includes detailed CVSS severity analysis, exploit availability status, AI-generated explanations, and direct links to official security patches and vendor advisories.
Security Recommendations
- • Always keep Visitor statistics updated to the latest version
- • Subscribe to security advisories from Codepress
- • Monitor this page for new vulnerabilities affecting your version
- • Prioritize patching critical and high severity issues immediately