Missing Authorization Vulnerability in WP Visitor Statistics Plugin by osama.esh
CVE-2025-49996

5.3MEDIUM

Key Information:

Vendor: WordPress
Status: WP Visitor Statistics (real Time Traffic)
Vendor: CVE Published:; 20 June 2025

What is CVE-2025-49996?

A vulnerability exists in the WP Visitor Statistics (Real Time Traffic) plugin developed by osama.esh, where access control measures are not adequately enforced. This oversight allows unauthorized users to access functionality that should be restricted, potentially compromising sensitive data or administrative capabilities. Versions from n/a through 7.8 are impacted, necessitating prompt attention to protect affected installations.

Affected Version(s)

WP Visitor Statistics (Real Time Traffic) <= 7.8

References

https://patchstack.com/database/wordpress/plugin/wp-stats...

vdb-entry

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 20, 2025
Vulnerability Reserved
Jun 11, 2025

Credit

Trương Hữu Phúc (truonghuuphuc) (Patchstack Alliance)

WordPress

What is CVE-2025-49996?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit