WP Statistics WordPress Plugin Patches CSRF Vulnerability via @sejournal, @martinibuster
The United States Government National Vulnerability Database (NVD) published an advisory about a vulnerability discovered in the WP Statistics WordPress plugin that affects up to 600,000 active installations.
The vulnerability was assigned a medium threat level score of 6.5 out of a scale of 1 to 10, with level 10 representing the most severe vulnerability level.
WP Statistics Cross-Site Request Forgery (CSRF)
The WP Statistics plugin was found to contain a Cross-Site Request Forgery vulnerability that could allow an attacker to compromise a website by activating or deactivating plugins.
A Cross-Site Request Forgery is an attack that requires a registered website user (such as an administrator) to perform an action like a clicking a link, which then allows an attacker to take advantage of a security gap.