CVE-2025-3869

The 4stats plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.9. This is due to missing or incorrect nonce validation on the stats/stats.php page. This makes it possible for unauthenticated attackers to update settings and inject malicious w...

CVE-2025-3869 4stats <= 2.0.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The 4stats plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.9. This is due to missing or incorrect nonce validation on the stats/stats.php page. This makes it possible for unauthenticated attackers to update settings and inject malicious w...

CVE-2025-3869 4stats <= 2.0.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The 4stats plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.9. This is due to missing or incorrect nonce validation on the stats/stats.php page. This makes it possible for unauthenticated attackers to update settings and inject malicious w...

PT-2025-22827 · WordPress · 4Stats

Name of the Vulnerable Software and Affected Versions: 4stats plugin for WordPress versions up to, and including, 2.0.9 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the "stats/stats.php" page. This allows unauthenticated attackers...

4stats <= 2.0.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Description The 4stats plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.9. This is due to missing or incorrect nonce validation on the stats/stats.php page. This makes it possible for unauthenticated attackers to update settings and inject...