VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 14 known issues Latest disclosed Apr 07, 2026

WP Visitor Statistics (Real Time Traffic) Vulnerabilities

Review known vulnerability records for the WordPress plugin WP Visitor Statistics (Real Time Traffic) (`wp-stats-manager`), including severity, CVE references, affected versions, and patch status.

View on WordPress.org Back to Feed
Known Records
14
High or Critical
4
Linked CVEs
14
Last Updated
Apr 07, 2026
Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for WP Visitor Statistics (Real Time Traffic) so operators can quickly confirm whether a disclosed issue maps to the installed slug and version range.

Patch Visibility
14 records include a published patch path.
Severity Mix
2 critical and 2 high severity findings.
Reference Workflow
Jump from the hub into the full report when you need remediation notes, CVSS vector details, or source references.
Known Vulnerabilities

Reports for WP Visitor Statistics (Real Time Traffic)

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2026-4303
WP Visitor Statistics (Real Time Traffic) <= 8.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'height' Shortcode Attribute

The WP Visitor Statistics (Real Time Traffic) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wsm_showDayStatsGraph' shortcode in all versions up to, and including, 8.4 due to insufficient input sanitization and output escaping on user supplied...

Published
Apr 07, 2026
Patched Release
8.5
Affected Versions
Versions up to 8.4
Next Step
Update to 8.5 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-67983
Visitor Statistics (Real Time Traffic) <= 8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Visitor Statistics (Real Time Traffic) plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-leve...

Published
Dec 15, 2025
Patched Release
8.4
Affected Versions
Versions up to 8.3
Next Step
Update to 8.4 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-49400
WP Visitor Statistics (Real Time Traffic) <= 8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The WP Visitor Statistics (Real Time Traffic) plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 8.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-l...

Published
Aug 20, 2025
Patched Release
8.3
Affected Versions
Versions up to 8.2
Next Step
Update to 8.3 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-53566
WP Visitor Statistics (Real Time Traffic) <= 7.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

The WP Visitor Statistics (Real Time Traffic) plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 7.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contribut...

Published
Jul 03, 2025
Patched Release
7.9
Affected Versions
Versions up to 7.8
Next Step
Update to 7.9 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: No CVE-2025-49996
WP Visitor Statistics (Real Time Traffic) <= 7.8 - Missing Authorization

The WP Visitor Statistics (Real Time Traffic) plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 7.8. This makes it possible for unauthenticated attackers to perform an unauthorized actio...

Published
Jun 19, 2025
Patched Release
Not published
Affected Versions
Versions up to 7.8
Next Step
Open the full report for remediation notes and references.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-24675
WP Visitor Statistics (Real Time Traffic) <= 7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The WP Visitor Statistics (Real Time Traffic) plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 7.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-l...

Published
Jan 24, 2025
Patched Release
7.3
Affected Versions
Versions up to 7.2
Next Step
Update to 7.3 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-22304
WP Visitor Statistics (Real Time Traffic) <= 7.5 - Missing Authorization

The WP Visitor Statistics (Real Time Traffic) plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 7.5. This makes it possible for authenticated attackers, with Subscriber-level access and...

Published
Jan 06, 2025
Patched Release
7.6
Affected Versions
Versions up to 7.5
Next Step
Update to 7.6 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-24867
WP Visitor Statistics (Real Time Traffic) <= 6.9.4 - Sensitive Information Exposure via Log File

The WP Visitor Statistics (Real Time Traffic) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.9.4. This makes it possible for unauthenticated attackers to extract sensitive data from log files.

Published
Feb 02, 2024
Patched Release
6.9.5
Affected Versions
Versions up to 6.9.4
Next Step
Update to 6.9.5 or newer if supported.
Open Full Report Open CVE Reference
Plugin Critical Patched: Yes CVE-2023-0600
WP Visitor Statistics (Real Time Traffic) <= 6.8.1 - Unauthenticated SQL Injection

The WP Visitor Statistics (Real Time Traffic) plugin for WordPress is vulnerable to time-based blind SQL Injection via an unknown parameter in versions up to, and including, 6.8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on th...

Published
Apr 24, 2023
Patched Release
6.9
Affected Versions
Versions up to 6.8.1
Next Step
Update to 6.9 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2022-4656
WP Visitor Statistics (Real Time Traffic) <= 6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The WP Visitor Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authent...

Published
Jan 17, 2023
Patched Release
6.5
Affected Versions
Versions up to 6.4
Next Step
Update to 6.5 or newer if supported.
Open Full Report Open CVE Reference
Plugin Critical Patched: Yes CVE-2022-33965
WP Visitor Statistics (Real Time Traffic) <= 5.7 - Unauthenticated SQL Injection

The WP Visitor Statistics (Real Time Traffic) plugin for WordPress is vulnerable to SQL Injection via the 'refUrl' parameter in versions up to, and including, 5.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL qu...

Published
Jul 06, 2022
Patched Release
5.8
Affected Versions
Versions up to 5.7
Next Step
Update to 5.8 or newer if supported.
Open Full Report Open CVE Reference
Plugin High Patched: Yes CVE-2022-0410
WP Visitor Statistics (Real Time Traffic) <= 5.5 - SQL Injection

The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 5.6 does not sanitise and escape the id parameter before using it in a SQL statement via the refUrlDetails AJAX action, available to any authenticated user, leading to a SQL injection

Published
Feb 14, 2022
Patched Release
5.6
Affected Versions
Versions before 5.6
Next Step
Update to 5.6 or newer if supported.
Open Full Report Open CVE Reference