CVE-2021-24829

Name of the Vulnerable Software and Affected Versions: Visitor Traffic Real Time Statistics WordPress plugin versions prior to 3.9

Description: The issue arises from the lack of validation and escaping of user input passed to the "today traffic index" AJAX action, which is accessible to any authenticated users. This leads to an SQL injection issue, as the input is used directly in a SQL statement.

Recommendations: For versions prior to 3.9, update to version 3.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the "today traffic index" AJAX action to minimize the risk of exploitation.