SQL Injection Vulnerability Affects Advanced Page Visit Counter
CVE-2024-32098

7.6HIGH

Key Information:

Vendor: WordPress
Status: Advanced Page Visit Counter
Vendor: CVE Published:; 15 April 2024

What is CVE-2024-32098?

A vulnerability related to improper neutralization of special elements in SQL commands has been identified in the Advanced Page Visit Counter plugin, allowing for potential SQL injection attacks. This flaw affects versions from n/a up to 8.0.6, posing risks of unauthorized data access and manipulation. Exploitation of this vulnerability may enable attackers to interact with the database in unexpected ways, compromising the integrity and confidentiality of the data.

Affected Version(s)

Advanced Page Visit Counter <= 8.0.6

References

https://patchstack.com/database/vulnerability/advanced-pa...

vdb-entry

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 15, 2024
Vulnerability Reserved
Apr 10, 2024

Credit

Le Ngoc Anh (Patchstack Alliance)

WordPress

What is CVE-2024-32098?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit