CSRF Vulnerability in Simple Statistics for Feeds by Jeff Starr
CVE-2025-57892

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: Simple Statistics For Feeds
Vendor: CVE Published:; 22 August 2025

What is CVE-2025-57892?

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Simple Statistics for Feeds plugin by Jeff Starr. This vulnerability can be exploited by attackers to trick users into performing actions without their consent, affecting the integrity of user data and site functionality. The issue impacts versions from n/a through 20250322, highlighting the need for WordPress site owners to ensure they are using updated and secure plugins to safeguard against such attacks.

Affected Version(s)

Simple Statistics for Feeds <= 20250322

References

https://patchstack.com/database/wordpress/plugin/simple-f...

vdb-entry

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 22, 2025
Vulnerability Reserved
Aug 22, 2025

Credit

Nabil Irawan (Patchstack Alliance)