40 matches found
CVE-2022-0434
The Page View Count WordPress plugin before 2.4.15 does not sanitise and escape the postids parameter before using it in a SQL statement via a REST endpoint, available to both unauthenticated and authenticated users. As a result, unauthenticated attackers could perform SQL injection attacks...
CVE-2025-63034
Missing Authorization vulnerability in Steve Truman Page View Count page-views-count allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Page View Count: from n/a through = 2.9.0...
EUVD-2025-201988
Missing Authorization vulnerability in Steve Truman Page View Count page-views-count allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Page View Count: from n/a through = 2.8.7...
CVE-2025-63034
Missing Authorization vulnerability in Steve Truman Page View Count page-views-count allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Page View Count: from n/a through = 2.9.0...
CVE-2025-63034 WordPress Page View Count plugin <= 2.9.0 - Settings Change vulnerability
Missing Authorization vulnerability in Steve Truman Page View Count page-views-count allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Page View Count: from n/a through = 2.9.0...
CVE-2025-63034 WordPress Page View Count plugin <= 2.9.0 - Settings Change vulnerability
Missing Authorization vulnerability in Steve Truman Page View Count page-views-count allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Page View Count: from n/a through = 2.9.0...
CVE-2025-63034
CVE-2025-63034 is a Missing Authorization vulnerability in the WordPress plugin Page View Count (page-views-count) affecting versions up to and including 2.8.7. The linked sources describe a Settings Change vulnerability, implying that an unauthorized actor could modify plugin settings. The Wordf...
WordPress plugin Page View Count 安全漏洞
...
PT-2025-50041
Missing Authorization vulnerability in Steve Truman Page View Count page-views-count allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Page View Count: from n/a through = 2.8.7...
WordPress Page View Count plugin <= 2.8.7 - Settings Change vulnerability
Settings Change vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Page View Count versions = 2.8.7...
EUVD-2022-43449
Malicious code in bioql PyPI...
VulnCheck KEV: CVE-2022-0434
The Page View Count WordPress plugin before 2.4.15 does not sanitise and escape the postids parameter before using it in a SQL statement via a REST endpoint, available to both unauthenticated and authenticated users. As a result, unauthenticated attackers could perform SQL injection attacks...
CVE-2023-0095
The Page View Count WordPress plugin before 2.6.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2025-2816
The Page View Count plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the yellowmessagedontshow function in versions 2.8.0 to 2.8.4. This makes it possible for authenticated attackers, with...
CVE-2025-2816
CVE-2025-2816 involves the WordPress Page View Count plugin (versions 2.8.0–2.8.4) where a missing capability check in the yellow_message_dontshow() function allows authenticated attackers with Subscriber-level access or higher to modify options, potentially causing a denial of service by updatin...
CVE-2025-2816 Page View Count 2.8.0 - 2.8.4 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update
The Page View Count plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the yellowmessagedontshow function in versions 2.8.0 to 2.8.4. This makes it possible for authenticated attackers, with...
CVE-2025-2816 Page View Count 2.8.0 - 2.8.4 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update
The Page View Count plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the yellowmessagedontshow function in versions 2.8.0 to 2.8.4. This makes it possible for authenticated attackers, with...
PT-2025-18351 · WordPress · Page View Count
Name of the Vulnerable Software and Affected Versions: Page View Count plugin for WordPress versions 2.8.0 through 2.8.4 Description: The issue allows authenticated attackers with Subscriber-level access and above to modify data due to a missing capability check on the yellow message dontshow...
WordPress Page View Count plugin 2.8.0-2.8.4 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update
Missing Authorization to Authenticated Subscriber+ Limited Options Update vulnerability discovered by kr0d in WordPress Plugin Page View Count versions 2.8.0-2.8.4...
Cross site scripting
The Page View Count WordPress plugin before 2.6.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...