Threat Entry Updated 2025-06-04

CVE-2023-5529 - Advanced Page Visit Counter Plugin

The Advanced Page Visit Counter WordPress plugin before 8.0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

PLUGIN Advanced Page Visit Counter

CVE-2023-5529

MEDIUM CVSS 4.8 2025-05-15

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-11-21

CVE-2023-28788 - Advanced Page Visit Counter Plugin

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Page Visit Counter Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress.This issue affects Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress: from n/a through 6.4.2.

PLUGIN Advanced Page Visit Counter

CVE-2023-28788

HIGH CVSS 7.1 2023-12-20

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-11-21

CVE-2023-50371 - Advanced Page Visit Counter Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Page Visit Counter Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress allows Stored XSS.This issue affects Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress: from n/a through 8.0.6.

PLUGIN Advanced Page Visit Counter

CVE-2023-50371

MEDIUM CVSS 6.5 2023-12-14

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2025-02-26

CVE-2023-45074 - Advanced Page Visit Counter Plugin

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Page Visit Counter Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress allows SQL Injection.This issue affects Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress: from n/a through 7.1.1.

PLUGIN Advanced Page Visit Counter

CVE-2023-45074

CRITICAL CVSS 9.8 2023-11-06

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-11-21

CVE-2021-25086 - Advanced Page Visit Counter Plugin

The Advanced Page Visit Counter WordPress plugin before 6.1.2 does not sanitise and escape some input before outputting it in an admin dashboard page, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against admins viewing it

PLUGIN Advanced Page Visit Counter

CVE-2021-25086

MEDIUM CVSS 6.1 2022-05-02

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-11-21

CVE-2021-24957 - Advanced Page Visit Counter Plugin

The Advanced Page Visit Counter WordPress plugin before 6.1.6 does not escape the artID parameter before using it in a SQL statement in the apvc_reset_count_art AJAX action, available to any authenticated user, leading to a SQL injection

PLUGIN Advanced Page Visit Counter

CVE-2021-24957

HIGH CVSS 8.8 2022-04-25

Risk Score

Open Full Technical Breakdown