Release new version 2.4.15

* This is an important security release that patches a SQL injection vulnerability that affects all previous versions. Please run this immediately.
* Security - Patch for SQL injection attack vulnerability

Author: alextuan

page-views-count.php

@@ -2,7 +2,7 @@
 /*
 Plugin Name: Page Views Count
 Description: Show front end users all time views and views today on posts, pages, index pages and custom post types with the Page Views Count Plugin. Use the Page Views Count function to add page views to any content type or object created by your theme or plugins.
-Version: 2.4.14
+Version: 2.4.15
 Requires at least: 5.6
 Tested up to: 5.9
 Author: a3rev Software
@@ -23,7 +23,7 @@
 
 define( 'A3_PVC_KEY', 'a3_page_view_count' );
 define( 'A3_PVC_PREFIX', 'wp_pvc_' );
-define( 'A3_PVC_VERSION', '2.4.14' );
+define( 'A3_PVC_VERSION', '2.4.15' );
 define( 'A3_PVC_G_FONTS', false );
 
 use \A3Rev\PageViewsCount\FrameWork;

readme.txt

@@ -3,7 +3,7 @@ Contributors: a3rev, a3rev Software, nguyencongtuan
 Tags: wordpress page view, page view count , post views, post view count, gutenberg
 Requires at least: 5.6
 Tested up to: 5.9
-Stable tag: 2.4.14
+Stable tag: 2.4.15
 License: GPLv3
 License URI: http://www.gnu.org/licenses/gpl-3.0.html
 
@@ -102,6 +102,10 @@ The manual installation method involves down loading our plugin and uploading it
 
 == Changelog ==
 
+= 2.4.15 - 2022/02/01 =
+* This is an important security release that patches a SQL injection vulnerability that affects all previous versions. Please run this immediately.
+* Security - Patch for SQL injection attack vulnerability
+
 = 2.4.14 - 2022/01/21 =
 * This is a maintenance release for compatibility with WordPress major version 5.9
 * Tweak - Test for compatibility with WordPress 5.9
@@ -484,6 +488,9 @@ The manual installation method involves down loading our plugin and uploading it
 
 == Upgrade Notice ==
 
+= 2.4.15 =
+This is an important security release that patches a SQL injection vulnerability that affects all previous versions. Please run this immediately.
+
 = 2.4.14 =
 This is a maintenance release for compatibility with WordPress major version 5.9
 

src/pvc_class.php

@@ -48,10 +48,15 @@ public static function pvc_fetch_posts_stats( $post_ids ) {
 		$nowisnow = date('Y-m-d');
 
 		if ( !is_array( $post_ids ) ) $post_ids = array( $post_ids );
+		$post_ids = array_map( function( $value ) {
+			global $wpdb;
+			return $wpdb->prepare( '%s', $value );
+		}, $post_ids );
 
 		$sql = $wpdb->prepare( "SELECT t.postnum AS post_id, t.postcount AS total, d.postcount AS today FROM ". $wpdb->prefix . "pvc_total AS t
 			LEFT JOIN ". $wpdb->prefix . "pvc_daily AS d ON t.postnum = d.postnum
 			WHERE t.postnum IN ( ".implode( ',', $post_ids )." ) AND d.time = %s", $nowisnow );
+
 		return $wpdb->get_results($sql);
 	}