cleantalk
Vulnerabilities and Security Researches

Visit Counter, CVE-2025-12452

CVE, Research URL

CVE-2025-12452

Home page URL

Security reports for Visit Counter

Application

Visit Counter

Published on
Nov 04, 2025
Research Description
The Visit Counter plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the widgets.php page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 1.0.
Status
vulnerable
Previous vulnerability researches
Next Page, Not Next Post (CVE-2025-62943) , Nov 10, 2025
New vulnerability
Child Themes (CVE-2025-52755) , Nov 11, 2025
Premmerce Wishlist for WooCommerce (CVE-2025-60191) , Nov 11, 2025
LinkedIn Resume (CVE-2025-12402) , Nov 11, 2025
EM Beer Manager (CVE-2025-11724) , Nov 11, 2025
WP Delicious – Best WordPress Recipes Plugin (formerly Delicious Recipes) (CVE-2025-11755) , Nov 11, 2025