Description
WordPress Plugin leads5050-visitor-insights is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently set an arbitrary license in plugin's settings. WordPress Plugin leads5050-visitor-insights version 1.0.5 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.1.0 or latest
References
https://wpscan.com/vulnerability/3a7636bd-9535-4c2c-8263-1f00fff1c296
https://plugins.svn.wordpress.org/leads-5050-visitor-insights/trunk/readme.txt
Related Vulnerabilities
MySQL CVE-2020-2790 Vulnerability (CVE-2020-2790)
WordPress Plugin WP-PostRatings SQL Injection (1.83.1)
WordPress Plugin SG Optimizer Multiple Vulnerabilities (3.3.5)
WordPress Plugin Subscribe To Comments Reloaded Cross-Site Scripting (150611)
XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-46243)