CVE-2021-25086

Name of the Vulnerable Software and Affected Versions Advanced Page Visit Counter WordPress plugin versions prior to 6.1.2

Description The issue allows unauthenticated attackers to perform Cross-Site Scripting attacks against admins viewing the admin dashboard page, due to the plugin not sanitising and escaping some input before outputting it. This enables attackers to inject malicious scripts, potentially leading to unauthorized actions or data exposure.

Recommendations For versions prior to 6.1.2, update to version 6.1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin dashboard page to minimize the risk of exploitation.