5 matches found
CVE-2022-0434
CVE-2022-0434 – WordPress Page Views Count plugin : The vulnerability affects versions before 2.4.15. The REST endpoint processes a post_ids parameter without proper sanitisation/escaping, leading to unauthenticated SQL injection. Documents from NVD/NVD-derived feeds and multiple security sources...
CVE-2025-2816
CVE-2025-2816 involves the WordPress Page View Count plugin (versions 2.8.0–2.8.4) where a missing capability check in the yellow_message_dontshow() function allows authenticated attackers with Subscriber-level access or higher to modify options, potentially causing a denial of service by updatin...
CVE-2023-0095
The CVE-2023-0095 entry concerns the WordPress plugin Page View Count (before 2.6.1). The issue is that the plugin does not validate and escape certain block options when the Gutenberg block is embedded, enabling Stored XSS for users with the Contributor role or higher. Affects Page View Count
CVE-2022-40131
The CVE-2022-40131 entry concerns the a3rev Software Page View Count plugin for WordPress, affected in versions
CVE-2021-24509
The CVE-2021-24509 vulnerability affects the WordPress Page View Count plugin before 2.4.9. The pvc_stats shortcode’s postid parameter is not escaped, allowing Stored XSS when mishandled inputs reach the frontend. Impact notes indicate that contributors can trigger XSS (with admin approval possib...