Vulnerabilities > CVE-2021-25042 - Missing Authorization vulnerability in Plugins-Market WP Visitor Statistics (Real Time Traffic)

CVSS 3.5 - LOW

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

SINGLE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

plugins-market

CWE-862

NVD

Published: 2022-02-28

Updated: 2022-03-08

Summary

The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 5.5 does not have authorisation and CSRF checks in the updateIpAddress AJAX action, allowing any authenticated user to call it, or make a logged in user do it via a CSRF attack and add an arbitrary IP address to exclude. Furthermore, due to the lack of validation, sanitisation and escaping, users could set a malicious value and perform Cross-Site Scripting attacks against logged in admin

Vulnerable Configurations

Part	Description	Count
Application	Plugins-Market Plugins Market WP Visitor Statistics (Real Time Traffic) - Plugins Market WP Visitor Statistics (Real Time Traffic) 1.0 Plugins Market WP Visitor Statistics (Real Time Traffic) 1.1 Plugins Market WP Visitor Statistics (Real Time Traffic) 1.2 Plugins Market WP Visitor Statistics (Real Time Traffic) 1.3 Plugins Market WP Visitor Statistics (Real Time Traffic) 1.4 Plugins Market WP Visitor Statistics (Real Time Traffic) 1.5 Plugins Market WP Visitor Statistics (Real Time Traffic) 1.6 Plugins Market WP Visitor Statistics (Real Time Traffic) 1.7 Plugins Market WP Visitor Statistics (Real Time Traffic) 1.8 Plugins Market WP Visitor Statistics (Real Time Traffic) 1.9 Plugins Market WP Visitor Statistics (Real Time Traffic) 2.1 Plugins Market WP Visitor Statistics (Real Time Traffic) 2.2 Plugins Market WP Visitor Statistics (Real Time Traffic) 2.3 Plugins Market WP Visitor Statistics (Real Time Traffic) 2.4 Plugins Market WP Visitor Statistics (Real Time Traffic) 2.5 Plugins Market WP Visitor Statistics (Real Time Traffic) 2.6 Plugins Market WP Visitor Statistics (Real Time Traffic) 2.7 Plugins Market WP Visitor Statistics (Real Time Traffic) 2.8 Plugins Market WP Visitor Statistics (Real Time Traffic) 2.9 Plugins Market WP Visitor Statistics (Real Time Traffic) 3.1 Plugins Market WP Visitor Statistics (Real Time Traffic) 3.2 Plugins Market WP Visitor Statistics (Real Time Traffic) 3.3 Plugins Market WP Visitor Statistics (Real Time Traffic) 3.4 Plugins Market WP Visitor Statistics (Real Time Traffic) 3.5 Plugins Market WP Visitor Statistics (Real Time Traffic) 3.6 Plugins Market WP Visitor Statistics (Real Time Traffic) 3.7 Plugins Market WP Visitor Statistics (Real Time Traffic) 3.8 Plugins Market WP Visitor Statistics (Real Time Traffic) 3.9 Plugins Market WP Visitor Statistics (Real Time Traffic) 3.10 Plugins Market WP Visitor Statistics (Real Time Traffic) 3.11 Plugins Market WP Visitor Statistics (Real Time Traffic) 3.12 Plugins Market WP Visitor Statistics (Real Time Traffic) 3.13 Plugins Market WP Visitor Statistics (Real Time Traffic) 3.14 Plugins Market WP Visitor Statistics (Real Time Traffic) 3.15 Plugins Market WP Visitor Statistics (Real Time Traffic) 3.16 Plugins Market WP Visitor Statistics (Real Time Traffic) 3.17 Plugins Market WP Visitor Statistics (Real Time Traffic) 3.18 Plugins Market WP Visitor Statistics (Real Time Traffic) 4.1 Plugins Market WP Visitor Statistics (Real Time Traffic) 4.2 Plugins Market WP Visitor Statistics (Real Time Traffic) 4.3 Plugins Market WP Visitor Statistics (Real Time Traffic) 4.4 Plugins Market WP Visitor Statistics (Real Time Traffic) 4.5 Plugins Market WP Visitor Statistics (Real Time Traffic) 4.6 Plugins Market WP Visitor Statistics (Real Time Traffic) 4.7 Plugins Market WP Visitor Statistics (Real Time Traffic) 4.8 Plugins Market WP Visitor Statistics (Real Time Traffic) 4.9 Plugins Market WP Visitor Statistics (Real Time Traffic) 5.0 Plugins Market WP Visitor Statistics (Real Time Traffic) 5.1	49

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://wpscan.com/vulnerability/05b9e478-2d3b-4460-88c1-7f81d3a68ac4