CVE-2023-0600

CRITICAL EXPLOITED NUCLEI

Plugins-market WP Visitor Statistics < 6.9 - SQL Injection

Title source: rule

Description

The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 6.9 does not escape user input which is concatenated to an SQL query, allowing unauthenticated visitors to conduct SQL Injection attacks.

Nuclei Templates (1)

WP Visitor Statistics (Real Time Traffic) < 6.9 - SQL Injection
CRITICAL VERIFIED by r3Y3r53, j4vaovo
Shodan: http.html:"wp-stats-manager"
FOFA: body="wp-stats-manager"

Scores

CVSS v3 9.8
EPSS 0.7740
EPSS Percentile 99.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2025-06-10
CWE CWE-89
Status published
Products (2)
codepress/visitor_statistics < 6.9
plugins-market/wp_visitor_statistics < 6.9
Published May 15, 2023
Tracked Since Feb 18, 2026