cleantalk
Vulnerabilities and Security Researches

WP Statistics, CVE-2025-3953

CVE, Research URL

CVE-2025-3953

Home page URL

Security reports for WP Statistics

Application

WP Statistics

Published on
Apr 30, 2025
Research Description
The WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'optionUpdater' function in all versions up to, and including, 14.13.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary plugin settings.
Affected versions
Min -, max 14.13.4.
Status
vulnerable
Previous vulnerability researches
Admin and Site Enhancements (ASE) (CVE-2025-24649) , Jan 26, 2025
Admin and Site Enhancements (ASE) (CVE-2024-13685) , Mar 06, 2025
Admin and Site Enhancements (ASE) (CVE-2024-13688) , Apr 30, 2025
Admin and Site Enhancements (ASE) (CVE-2025-24648) , Feb 06, 2025
Admin and Site Enhancements (ASE) (CVE-2024-10790) , Nov 14, 2024
New vulnerability
WP Statistics (CVE-2025-3953) , May 01, 2025
Calculated Fields Form (CVE-2024-12273) , May 01, 2025
Admin and Site Enhancements (ASE) (CVE-2024-13688) , Apr 30, 2025
WordPress Simple Shopping Cart (CVE-2025-3529) , Apr 30, 2025
SecuPress Free — WordPress Security (CVE-2025-3452) , Apr 30, 2025