Visitors Traffic Real Time Statistics <= 1.12 - CSRF to Stored XSS/SQLi



Description
A CSRF vulnerability in the plugin lets an attacker craft an AJAX request that, when issued from the browser of a logged-in blog administrator, alters plugin settings. Because the stored value is not encoded when it is displayed in the admin backend, this yields a stored XSS. Also, because the attacker-supplied input is passed directly to the WPDB query() method, an SQL injection may be possible as well.

Stored XSS and SQL injection fixed in version 1.12/1.13

CSRF is still unfixed
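The chain described above, shown as an added example that is not code from the plugin or from the researcher's write-up: a hypothetical WordPress AJAX settings handler carrying the three defects (no nonce check, raw value stored and echoed without encoding, value interpolated into a $wpdb->query() call), placed beside a hardened version. The action name vtrts_save_setting, the option name, the table name and the request field names are assumptions made for this illustration.

```php
<?php
// Hypothetical plugin code illustrating the CSRF -> stored XSS / SQLi pattern
// from the advisory. Not the real plugin's code; all names below are invented.

// --- Vulnerable handler (the pattern the advisory describes) ---------------
// 1. No nonce check: any page an administrator visits can POST here cross-site.
// 2. No capability check: the handler trusts the request because a cookie is present.
// 3. Raw input is stored and interpolated into SQL that $wpdb->query() runs as-is.
// (In the vulnerable build this would be registered with:
//  add_action( 'wp_ajax_vtrts_save_setting', 'vtrts_save_setting_vulnerable' );)
function vtrts_save_setting_vulnerable() {
    global $wpdb;
    $value = $_POST['setting_value'];                    // attacker-controlled via CSRF
    update_option( 'vtrts_setting', $value );             // stored verbatim -> later XSS
    $wpdb->query( "UPDATE {$wpdb->prefix}vtrts_settings SET val = '$value' WHERE id = 1" ); // SQLi
    wp_die();
}

// Vulnerable settings page: stored value echoed without encoding -> stored XSS.
function vtrts_render_setting_vulnerable() {
    echo '<input name="setting_value" value="' . get_option( 'vtrts_setting' ) . '">';
}

// --- Hardened handler ------------------------------------------------------
add_action( 'wp_ajax_vtrts_save_setting', 'vtrts_save_setting_hardened' );
function vtrts_save_setting_hardened() {
    global $wpdb;

    // CSRF: reject requests that do not carry a nonce minted for this action.
    // check_ajax_referer() dies with -1 when the 'nonce' field is missing or invalid.
    check_ajax_referer( 'vtrts_save_setting', 'nonce' );

    // Authorization: a valid nonce proves intent, not permission. Check the capability too.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // Input: unslash (WordPress adds slashes to $_POST) and sanitize before storing.
    $value = sanitize_text_field( wp_unslash( $_POST['setting_value'] ?? '' ) );
    update_option( 'vtrts_setting', $value );

    // SQLi: parameterise through $wpdb->prepare() instead of string interpolation.
    $wpdb->query(
        $wpdb->prepare(
            "UPDATE {$wpdb->prefix}vtrts_settings SET val = %s WHERE id = %d",
            $value,
            1
        )
    );

    wp_send_json_success();
}

// Hardened settings page: escape on output, and emit the nonce the AJAX call must send back.
function vtrts_render_setting_hardened() {
    echo '<input name="setting_value" value="' . esc_attr( get_option( 'vtrts_setting' ) ) . '">';
    wp_nonce_field( 'vtrts_save_setting', 'nonce' );
}
```

The three fixes are independent: output escaping alone closes the stored XSS and prepare() alone closes the SQL injection, which matches the advisory's note that those two were fixed while the CSRF remained open. Only the nonce check removes the cross-site trigger itself, and the capability check is still needed because wp_ajax_* actions are reachable by any authenticated user, not only administrators.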

Affects Plugin Visitors Traffic Real Time Statistics

References

CVE 2019-15831
CVE 2019-15832
URL https://dannewitz.ninja/posts/visitors-traffic-real-time-statistics-csrf-to-stored-xss
URL https://plugins.trac.wordpress.org/changeset/2117152/visitors-traffic-real-time-statistics

Classification

Type MULTI

Miscellaneous

Original Researcher Paul Dannewitz
Submitter Paul Dannewitz
Submitter Website https://dannewitz.ninja
Submitter Twitter padannewitz
Views 2949
Verified No
WPVDB ID 9420

Timeline

Publicly Published 2019-07-03
Added 2019-07-04
Last Updated 2019-08-31
