WordPress Plugin Vulnerabilities

Page View Count < 2.5.6 - Settings Reset via CSRF

Description

The plugin does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack

Affects Plugins

Plugin icon
page-views-count
Fixed in 2.5.6

References

CVE
CVE-2022-40131

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
Mika
Verified
No
WPVDB ID
d976576a-fd62-482d-be81-79d5419090e0

Timeline

Publicly Published
2022-10-13 (about 3 years ago)
Added
2022-11-03 (about 3 years ago)
Last Updated
2022-11-03 (about 3 years ago)

Other

Published
Title
Published
2023-11-28
Title
Razorpay for WooCommerce < 4.5.7 - Transfers Manipulation via CSRF
Published
2024-07-09
Title
WP Ajax Contact Form <= 2.2.2 - Arbitrary Email Deletion via CSRF
Published
2023-06-16
Title
LWS Tools < 2.4.2 - Cross-Site Request Forgery
Published
2025-01-27
Title
MailUp Auto Subscription < 1.2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2025-11-20
Title
AuthorSure <= 2.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting