This vulnerability (CVE-2024-32098) in Advanced Page Visit Counter involves improper neutralization of special elements used in SQL commands, classified as CWE-89 (SQL Injection). It affects all versions up to 8.0.6. The CVSS 3.1 base score is 7.6, indicating high severity, with network attack vector, low attack complexity, high privileges required, no user interaction, and scope changed. The impact includes high confidentiality loss and low availability impact, with no integrity impact. No patch or official remediation level has been published yet, and no known exploits have been reported.

Successful exploitation could allow an attacker with high privileges to execute crafted SQL commands, potentially leading to unauthorized disclosure of sensitive information (high confidentiality impact) and limited disruption of service (low availability impact). Integrity of data is not impacted according to the CVSS vector. The vulnerability requires network access and high privileges, with no user interaction needed.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider restricting access to the affected plugin and monitor for unusual activity. Avoid exposing the plugin to untrusted networks or users with high privileges. No official mitigation or temporary fix has been provided by the vendor at this time.