WordPress Who Hit The Page – Hit Counter Plugin <= 1.4.14.3 is vulnerable to SQL Injection
CVE-2023-47558

7.6HIGH

Key Information:

Vendor: WordPress
Status: Who Hit The Page – Hit Counter
Vendor: CVE Published:; 18 December 2023

Summary

The Who Hit The Page – Hit Counter plugin by Mahlamusa is susceptible to an SQL Injection vulnerability, allowing attackers to manipulate SQL queries. This can lead to unauthorized access to database content, potentially compromising sensitive information. Users of versions from n/a up to 1.4.14.3 are advised to update immediately to mitigate this risk.

Affected Version(s)

Who Hit The Page – Hit Counter <= 1.4.14.3

References

https://patchstack.com/database/vulnerability/who-hit-the...

vdb-entry

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Dec 18, 2023
Vulnerability Reserved
Nov 6, 2023

Credit

thiennv (Patchstack Alliance)