WordPress Plugin Vulnerabilities

Page View Count <= 2.8.7 - Missing Authorization to Authenticated (Subscriber+) Settings Update

Description

The Page View Count plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update plugin settings.

Affects Plugins

No known fix

References

Classification

Type
NO AUTHORISATION
CWE

Miscellaneous

Original Researcher
Phat RiO - BlueRock
Verified
No

Timeline

Publicly Published
2025-12-08 (about 6 months ago)
Added
2025-12-11 (about 6 months ago)
Last Updated
2025-12-11 (about 6 months ago)

Other