wp-buy CVE Vulnerabilities & Metrics

Focus on wp-buy vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About wp-buy Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with wp-buy. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.


Global CVE Overview

Total wp-buy CVEs: 12
Earliest CVE date: 30 Aug 2019, 14:15 UTC
Latest CVE date: 20 Oct 2024, 11:15 UTC

Latest CVE reference: CVE-2024-49306

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

[Chart: Monthly CVE Trends (current vs previous year)]

[Chart: Annual CVE Trends (last 20 years)]

[Chart: Critical wp-buy CVEs (CVSS ≥ 9) over 20 years]

CVSS Stats

Average CVSS: 4.95

Max CVSS: 6.8

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range 0.0-3.9: 3
Range 4.0-6.9: 9
Range 7.0-8.9: 0
Range 9.0-10.0: 0

[Chart: CVSS Distribution]

Top 5 Highest CVSS wp-buy CVEs

These are the five CVEs with the highest CVSS scores for wp-buy, sorted by severity first, then by recency.

All CVEs for wp-buy

CVE-2024-49306 wp-buy vulnerability CVSS: 0 20 Oct 2024, 11:15 UTC

Cross-Site Request Forgery (CSRF) vulnerability in WP-buy WP Content Copy Protection & No Right Click allows Cross Site Request Forgery. This issue affects WP Content Copy Protection & No Right Click: from n/a through 3.5.9.

CVE-2023-36678 wp-buy vulnerability CVSS: 0 05 Aug 2023, 23:15 UTC

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP-buy WP Content Copy Protection & No Right Click plugin <= 3.5.5 versions.

CVE-2022-4305 wp-buy vulnerability CVSS: 0 23 Jan 2023, 15:15 UTC

The Login as User or Customer WordPress plugin before 3.3 lacks authorization checks to ensure that users are allowed to log in as another one, which could allow unauthenticated attackers to obtain a valid admin session.

CVE-2022-23983 wp-buy vulnerability CVSS: 6.8 21 Feb 2022, 18:15 UTC

Cross-Site Request Forgery (CSRF) vulnerability leading to plugin Settings Update discovered in WP Content Copy Protection & No Right Click WordPress plugin (versions <= 3.4.4).

CVE-2021-24829 wp-buy vulnerability CVSS: 6.5 08 Nov 2021, 18:15 UTC

The Visitor Traffic Real Time Statistics WordPress plugin before 3.9 does not validate and escape user input passed to the today_traffic_index AJAX action (available to any authenticated users) before using it in a SQL statement, leading to an SQL injection issue.

CVE-2021-24195 wp-buy vulnerability CVSS: 6.5 14 May 2021, 12:15 UTC

Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Login as User or Customer (User Switching) WordPress plugin before 1.8, to install any plugin (including a specific version) from the WordPress repository, as well as activate an arbitrary plugin from the blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.

CVE-2021-24194 wp-buy vulnerability CVSS: 6.5 14 May 2021, 12:15 UTC

Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Login Protection - Limit Failed Login Attempts WordPress plugin before 2.9, to install any plugin (including a specific version) from the WordPress repository, as well as activate an arbitrary plugin from the blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.

CVE-2021-24193 wp-buy vulnerability CVSS: 6.5 14 May 2021, 12:15 UTC

Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Visitor Traffic Real Time Statistics WordPress plugin before 2.12, to install any plugin (including a specific version) from the WordPress repository, as well as activate an arbitrary plugin from the blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.

CVE-2021-24189 wp-buy vulnerability CVSS: 6.5 14 May 2021, 12:15 UTC

Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Captchinoo, Google recaptcha for admin login page WordPress plugin before 2.4, to install any plugin (including a specific version) from the WordPress repository, as well as activate an arbitrary plugin from the blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.

CVE-2021-24188 wp-buy vulnerability CVSS: 6.5 14 May 2021, 12:15 UTC

Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the WP Content Copy Protection & No Right Click WordPress plugin before 3.1.5, to install any plugin (including a specific version) from the WordPress repository, as well as activate an arbitrary plugin from the blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.

CVE-2019-15832 wp-buy vulnerability CVSS: 6.8 30 Aug 2019, 14:15 UTC

The visitors-traffic-real-time-statistics plugin before 1.13 for WordPress has CSRF.

CVE-2019-15831 wp-buy vulnerability CVSS: 6.8 30 Aug 2019, 14:15 UTC

The visitors-traffic-real-time-statistics plugin before 1.12 for WordPress has CSRF in the settings page.