CVE-2021-24750

Name of the Vulnerable Software and Affected Versions: WP Visitor Statistics (Real Time Traffic) versions prior to 4.8

Description: The issue arises from the improper sanitization and escaping of the refUrl in the refDetails AJAX action, which is accessible to any authenticated user. This could allow users with a role as low as subscriber to perform SQL injection attacks.

Recommendations: For versions prior to 4.8, update to version 4.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the refDetails AJAX action to minimize the risk of exploitation.