CVE-2021-24957

State: PUBLISHED · Published: 2022-04-25 · Updated: 2024-08-03 · Assigner: WPScan

Description

The Advanced Page Visit Counter WordPress plugin before 6.1.6 does not escape the artID parameter before using it in a SQL statement in the apvc_reset_count_art AJAX action, available to any authenticated user, leading to a SQL injection

CWE

CWE-89 — CWE-89 SQL Injection

Affected

Unknown / Advanced Page Visit Counter – Advanced WordPress Visit Counter — v=6.1.6 <6.1.6 [affected]

CVSS

(none)

References

https://wpscan.com/vulnerability/a282606f-6abf-4f75-99c9-dab0bea8cc96 x_refsource_MISC

Source

cvelistV5-main/cves/2021/24xxx/CVE-2021-24957.json