Filtered by vendor Codepress Subscriptions

Search

Switch to Advanced Search (Beta)
Total 5 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2026-7654 2 Codepress, Wordpress 2 Admin Columns, Wordpress 2026-06-07 8.8 High
The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution in versions up to and including 7.0.18. This is due to the use of `unserialize()` without an `allowed_classes` restriction in the `IdsToCollection::get_ids_from_string()` function, which processes attacker-controlled post meta values without proper validation. This makes it possible for authenticated attackers with Contributor-level access and above to inject a serialized PHP object into a post's custom meta field and trigger arbitrary code execution by exploiting a bundled POP gadget chain, resulting in remote code execution as the web server user.
CVE-2024-24867 1 Codepress 1 Visitor Statistics 2026-04-28 5.3 Medium
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Osamaesh WP Visitor Statistics (Real Time Traffic).This issue affects WP Visitor Statistics (Real Time Traffic): from n/a through 6.9.4.
CVE-2023-0600 1 Codepress 1 Visitor Statistics 2026-03-06 9.8 Critical
The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 6.9 does not escape user input which is concatenated to an SQL query, allowing unauthenticated visitors to conduct SQL Injection attacks.
CVE-2022-33965 1 Codepress 1 Visitor Statistics 2026-03-06 9.3 Critical
Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities in Osamaesh WP Visitor Statistics plugin <= 5.7 at WordPress.
CVE-2021-24750 1 Codepress 1 Visitor Statistics 2026-03-06 8.8 High
The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as subscriber to perform SQL injection attacks