CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45605 – WordPress Feed Statistics Plugin <= 4.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-45605
11 Oct 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Christopher Finke Feed Statistics plugin <= 4.1 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Christopher Finke Feed Statistics en versiones <= 4.1. The Feed Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.1. This is due to missing or incorrect nonce validation on the init function. This makes it possible for unauthenticated attackers to modify plugin settin... • https://patchstack.com/database/vulnerability/wordpress-feed-statistics/wordpress-feed-statistics-plugin-4-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2018-17074 – Feed Statistics < 4.0 - Open Redirect
https://notcve.org/view.php?id=CVE-2018-17074
07 Aug 2014 — The Feed Statistics plugin before 4.0 for WordPress has an Open Redirect via the feed-stats-url parameter. El plugin Feed Statistics en versiones anteriores a la 4.0 para WordPress tiene una redirección abierta mediante el parámetro feed-stats-url. • https://hackerone.com/reports/22142 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •