CNVD (China National Vulnerability Database): CNVD-2022-66602
Mar 02, 2022 - 12:00 a.m.

WordPress WP Visitor Statistics plugin cross-site request forgery vulnerability

2022-03-02 00:00:00
China National Vulnerability Database
www.cnvd.org.cn
wordpress
visitor statistics
cross-site request forgery
vulnerability
php
mysql
updatepaddress
ajax
csrf attack
unauthorized.

EPSS: 0.001 (percentile: 24.8%)

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in versions of the WordPress WP Visitor Statistics plugin prior to 5.5. It stems from the plugin's failure to perform authorization and CSRF checks in the UpdatePaddress AJAX operation, which allows any authenticated user to invoke it. An attacker could use a CSRF attack to make a logged-in user perform this action and add any IP address to the exclusion list.