A3Rev Page View Count vulnerabilities
5 known vulnerabilities affecting a3rev/page_view_count.
Total CVEs
5
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2025-2816HIGHCVSS 8.1≥ 2.8.0, < 2.8.5≥ 2.8.0, ≤ 2.8.42025-05-01
CVE-2025-2816 [HIGH] CWE-862 CVE-2025-2816: The Page View Count plugin for WordPress is vulnerable to unauthorized modification of data that can
The Page View Count plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the yellow_message_dontshow() function in versions 2.8.0 to 2.8.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update option values to one
cvelistv5nvd
CVE-2023-0095MEDIUMCVSS 5.4fixed in 2.6.12023-02-06
CVE-2023-0095 [MEDIUM] CWE-79 CVE-2023-0095: The Page View Count WordPress plugin before 2.6.1 does not validate and escape some of its block opt
The Page View Count WordPress plugin before 2.6.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
nvd
CVE-2022-40131MEDIUMCVSS 4.3≤ 2.5.52022-11-03
CVE-2022-40131 [MEDIUM] CWE-352 CVE-2022-40131: Cross-Site Request Forgery (CSRF) vulnerability in a3rev Software Page View Count plugin <= 2.5.5 on
Cross-Site Request Forgery (CSRF) vulnerability in a3rev Software Page View Count plugin <= 2.5.5 on WordPress allows an attacker to reset the plugin settings.
nvd
CVE-2022-0434CRITICALCVSS 9.8PoCfixed in 2.4.152022-03-07
CVE-2022-0434 [CRITICAL] CWE-89 CVE-2022-0434: The Page View Count WordPress plugin before 2.4.15 does not sanitise and escape the post_ids paramet
The Page View Count WordPress plugin before 2.4.15 does not sanitise and escape the post_ids parameter before using it in a SQL statement via a REST endpoint, available to both unauthenticated and authenticated users. As a result, unauthenticated attackers could perform SQL injection attacks
nvd
CVE-2021-24509MEDIUMCVSS 5.4fixed in 2.4.92021-08-09
CVE-2021-24509 [MEDIUM] CWE-79 CVE-2021-24509: The Page View Count WordPress plugin before 2.4.9 does not escape the postid parameter of pvc_stats
The Page View Count WordPress plugin before 2.4.9 does not escape the postid parameter of pvc_stats shortcode, allowing users with a role as low as Contributor to perform Stored XSS attacks. A post made by a contributor would still have to be approved by an admin to have the XSS triggered in the frontend, however, higher privilege users, such as edito
nvd