CVE-2026-3488 WP Statistics <= 14.16.4 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure and Privacy Audit Manipulation

The WP Statistics plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 14.16.4. This is due to missing capability checks on multiple AJAX handlers including wpstatisticsgetfilters, wpstatisticsgetPrivacyStatus, wpstatisticsupdatePrivacyStatus, and...