CVE-2021-24193

Name of the Vulnerable Software and Affected Versions: Visitor Traffic Real Time Statistics WordPress plugin versions prior to 2.12

Description: The issue allows low-privileged users to exploit the AJAX action 'cp plugins do button job later callback' to install any plugin, including specific versions, from the WordPress repository and activate arbitrary plugins from the blog. This could lead to the installation of vulnerable plugins, potentially resulting in more critical vulnerabilities, such as Remote Code Execution (RCE).

Recommendations: For Visitor Traffic Real Time Statistics WordPress plugin versions prior to 2.12, update to version 2.12 or later to resolve the issue. As a temporary workaround, consider restricting access to the 'cp plugins do button job later callback' AJAX action to prevent low-privileged users from installing and activating arbitrary plugins.