CVE-2022-0434

The Page View Count WordPress plugin before 2.4.15 does not sanitise and escape the postids parameter before using it in a SQL statement via a REST endpoint, available to both unauthenticated and authenticated users. As a result, unauthenticated attackers could perform SQL injection attacks...

CVE-2025-2816

CVE-2025-2816 involves the WordPress Page View Count plugin (versions 2.8.0–2.8.4) where a missing capability check in the yellow_message_dontshow() function allows authenticated attackers with Subscriber-level access or higher to modify options, potentially causing a denial of service by updatin...

PT-2025-18351 · WordPress · Page View Count

Name of the Vulnerable Software and Affected Versions: Page View Count plugin for WordPress versions 2.8.0 through 2.8.4 Description: The issue allows authenticated attackers with Subscriber-level access and above to modify data due to a missing capability check on the yellow message dontshow...

CVE-2022-40131

Cross-Site Request Forgery CSRF vulnerability in a3rev Software Page View Count plugin = 2.5.5 on WordPress allows an attacker to reset the plugin settings...