CVE-2021-24750 Scanner
CVE-2021-24750 scanner - SQL Injection (SQLi) vulnerability in Visitor Statistics (Real Time Traffic) plugin for WordPress
Short Info
Level: High
Scan type: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 month 3 days
Scan only one: Domain, IPv4, Subdomain
The WP Visitor Statistics (Real Time Traffic) plugin is used by WordPress site administrators to track traffic to their site in real-time. This plugin provides users with valuable information about the number of visitors to their site, the pages that are visited frequently, and the duration of each visit. This data can be used to optimize the site's content and improve the user experience.
CVE-2021-24750 is a vulnerability in the WP Visitor Statistics (Real Time Traffic) plugin that puts the security of the site at risk. It arises because the refUrl parameter is not properly sanitized and escaped in the refDetails AJAX action, which is accessible to any authenticated user. Even users with a low-level role, such as a subscriber, can exploit this vulnerability, potentially leading to disastrous consequences.
When exploited, this vulnerability can allow attackers to perform SQL injection attacks. As a result, they can gain unauthorized access to the site's database, steal sensitive user data, and compromise the site's security. This vulnerability can be very dangerous, particularly for sites that deal with confidential or financial information.
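A site owner can look for signs of this in web server logs. The following is an added example, not part of the scanner or the plugin: it flags requests to the refDetails AJAX action whose refUrl value contains SQL metacharacters or keywords. The log lines are constructed, the combined log format and the standard /wp-admin/admin-ajax.php endpoint are assumptions, and the marker list is a heuristic.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2022:10:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=refDetails&refUrl=https%3A%2F%2Fexample.org%2Fblog HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Jan/2022:10:00:07 +0000] "GET /wp-admin/admin-ajax.php?action=refDetails&refUrl=x%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 4096 "-" "curl/7.79"
203.0.113.9 - - [10/Jan/2022:10:00:09 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 64 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2022:10:01:00 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 80 "-" "Mozilla/5.0"
"""

# Client address and request target from one combined-format log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Heuristic: characters and keywords a legitimate referrer URL rarely contains.
SQL_MARKERS = re.compile(
    r"""['"`;]|--|/\*|\b(?:union|select|sleep|benchmark)\b""", re.I)


def suspicious_refdetails(log_text):
    """Return (client, decoded refUrl) for refDetails requests that look like SQLi."""
    findings = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, target = match.groups()
        url = urlsplit(target)
        if not url.path.endswith("/wp-admin/admin-ajax.php"):
            continue
        # parse_qs percent-decodes values, so encoded quotes are still caught.
        params = parse_qs(url.query, keep_blank_values=True)
        if "refDetails" not in params.get("action", []):
            continue
        for value in params.get("refUrl", []):
            if SQL_MARKERS.search(value):
                findings.append((client, value))
    return findings


if __name__ == "__main__":
    for client, value in suspicious_refdetails(SAMPLE_LOG):
        print(f"possible SQLi via refUrl from {client}: {value!r}")
```

Access logs do not record POST bodies, so a request that sends action and refUrl in the body (like the last sample line) is only visible to a WAF or application-level logging.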
In conclusion, the WP Visitor Statistics (Real Time Traffic) plugin is a valuable tool for WordPress site administrators. However, the CVE-2021-24750 vulnerability can put your site's security at risk. By following the above precautions and using a security plugin like s4e.io, you can quickly and effectively protect your site from potential threats. Don't let vulnerabilities go unnoticed - take action today to safeguard your digital assets.