CVE-2021-24957

Name of the Vulnerable Software and Affected Versions Advanced Page Visit Counter WordPress plugin versions prior to 6.1.6

Description The issue is related to a SQL injection vulnerability. It occurs because the artID parameter is not properly escaped before being used in a SQL statement within the apvc reset count art AJAX action. This action is accessible to any authenticated user, making it a potential target for exploitation. The vulnerability allows for SQL injection, which can lead to unauthorized access and manipulation of database content.

Recommendations For versions prior to 6.1.6, update to version 6.1.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the apvc reset count art AJAX action to minimize the risk of exploitation.