Cross-Site Request Forgery Vulnerability in WP Statistics Plugin for WordPress
CVE-2021-4333

6.5MEDIUM

Key Information:

Vendor: Wordpress
Status: WP Statistics
Vendor: CVE Published:; 7 March 2023

What is CVE-2021-4333?

The WP Statistics plugin for WordPress exhibits a Cross-Site Request Forgery vulnerability in versions up to 13.1.1 due to inadequate nonce validation in the view() function. This flaw allows unauthenticated attackers to execute actions, such as activating or deactivating plugins, by tricking site administrators into clicking malicious links, thereby gaining unauthorized access and control over the site.

Affected Version(s)

WP Statistics * <= 13.1.1

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 7, 2023
Vulnerability Reserved
Mar 7, 2023

Credit

Ramuel Gall

Wordpress

What is CVE-2021-4333?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit