Missing Authorization in Visitors Traffic Real Time Statistics Plugin by WordPress
CVE-2023-47557
4.3MEDIUM
Key Information:
- Vendor
- WordPress
- Vendor
- CVE Published:
- 2 January 2025
Summary
The Visitors Traffic Real Time Statistics plugin for WordPress has a missing authorization vulnerability that allows unauthorized users to exploit incorrectly configured access control settings. This issue affects versions from n/a to 7.2, leading to potential unauthorized access to sensitive statistics and user data. Website administrators should review and update their security settings to mitigate the risks associated with this vulnerability.
Affected Version(s)
Visitors Traffic Real Time Statistics <= 7.2
References
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Rafshanzani Suhada (Patchstack Alliance)