Headline
CVE-2022-40131: WordPress Page View Count plugin <= 2.5.5 - Cross-Site Request Forgery (CSRF) vulnerability - Patchstack
Cross-Site Request Forgery (CSRF) vulnerability in a3rev Software Page View Count plugin <= 2.5.5 on WordPress allows an attacker to reset the plugin settings.
Verified
Fixed
5.4
CVSS 3.1 score Medium severity
Report
Monitoring Not reported to be exploited
Vulnerable versions
<= 2.5.5
PSID
617c5379e375
Classification
Cross Site Request Forgery (CSRF)
OWASP Top 10
A5: Broken Access Control
Publicly disclosed
2022-10-13
Details
Cross-Site Request Forgery (CSRF) vulnerability leading to plugin settings reset was discovered by Mika (Patchstack Alliance) in the WordPress Page View Count plugin (versions <= 2.5.5).
Solution
Update the WordPress Page View Count plugin to the latest available version (at least 2.5.6).
References