Primary

Context

WordPress Page View Count Plugin Denial-of-Service Vulnerability

Vulnerability

Patched

A denial-of-service vulnerability has been identified in the Page View Count plugin for WordPress, affecting versions 2.8.0 to 2.8.4. The issue arises from a missing capability check in the yellow_message_dontshow() function, allowing authenticated attackers with Subscriber-level access and above to unauthorizedly modify option values on the WordPress site. This exploitation can lead to errors that disrupt service for legitimate users or manipulate certain options, such as enabling user registration.

Impact

Exploitation of this vulnerability can cause errors that disrupt normal site operations, leading to a denial-of-service condition for legitimate users. Additionally, it can be used to manipulate WordPress options in a way that could disrupt site functionality or user management.

Remediation

Users are advised to update the Page View Count plugin to version 2.8.5 or a newer patched version.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

1.3

exploitability

6.1

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

1.3

exploitability

6.1

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WordPress Page View Count Plugin Denial-of-Service Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Page Views Count

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating