VYPR

Page View Count

by WordPress

CVEs (5)

  • CVE-2022-0434CriMar 7, 2022
    risk 0.65cvss 9.8epss 0.15

    The Page View Count WordPress plugin before 2.4.15 does not sanitise and escape the post_ids parameter before using it in a SQL statement via a REST endpoint, available to both unauthenticated and authenticated users. As a result, unauthenticated attackers could perform SQL…

  • CVE-2025-2816HigMay 1, 2025
    risk 0.53cvss 8.1epss 0.00

    The Page View Count plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the yellow_message_dontshow() function in versions 2.8.0 to 2.8.4. This makes it possible for authenticated…

  • CVE-2023-0095MedFeb 6, 2023
    risk 0.35cvss 5.4epss 0.01

    The Page View Count WordPress plugin before 2.6.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting…

  • CVE-2022-40131MedNov 3, 2022
    risk 0.35cvss 5.4epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in a3rev Software Page View Count plugin <= 2.5.5 on WordPress allows an attacker to reset the plugin settings.

  • CVE-2021-24509MedAug 9, 2021
    risk 0.35cvss 5.4epss 0.01

    The Page View Count WordPress plugin before 2.4.9 does not escape the postid parameter of pvc_stats shortcode, allowing users with a role as low as Contributor to perform Stored XSS attacks. A post made by a contributor would still have to be approved by an admin to have the XSS…