CVE-2025-3953 – WordPress WP Statistics Unauthenticated Settings Modification Vulnerability

April 30, 2025

CVE ID : CVE-2025-3953

Published : April 30, 2025, 6:15 a.m. | 57 minutes ago

Description : The WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘optionUpdater’ function in all versions up to, and including, 14.13.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary plugin settings.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleRilasciato Trinity Desktop Environment R14.1.4: Novità e approfondimenti sulla nuova versione

Next Article CVE-2025-3471 – “SureForms WordPress Plugin Unauthenticated Configuration Update”

Highlights

CVE-2025-46339 – FreshRSS Favicon Poisoning Vulnerability

June 4, 2025

CVE ID : CVE-2025-46339

Published : June 4, 2025, 8:15 p.m. | 3 hours, 22 minutes ago

Description : FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, it’s possible to poison feed favicons by adding a given URL as a feed with the proxy set to an attacker-controlled one and disabled SSL verifying. The favicon hash is computed by hashing the feed URL and the salt, whilst not including the following variables: proxy address, proxy protocol, and whether SSL should be verified. Therefore it’s possible to poison a favicon of a given feed by simply intercepting the response of the feed, and changing the website URL to one where a threat actor controls the feed favicon. Feed favicons can be replaced for all users by anyone. Version 1.26.2 fixes the issue.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

How To Prevent WordPress SQL Injection Attacks

This week in AI dev tools: Apple’s Foundations Model framework, Mistral’s first reasoning model, and more (June 13, 2025)

Open Talent platforms emerging to match skilled workers to needs, study finds

Java never goes out of style: Celebrating 30 years of the language

6 registry tweaks every tech-savvy user must apply on Windows 11

Here’s why network infrastructure is vital to maximizing your company’s AI adoption

The AI video tool behind the most viral social trends right now

Got a new password manager? How to clean up the password mess you left in the cloud

Right Invoicing App for iPhone: InvoiceTemple

Right Invoicing App for iPhone: InvoiceTemple

Tunnel Run game in 170 lines of pure JS

Integrating Drupal with Salesforce SSO via SAML and Dynamic User Sync

Windows 11 24H2 tests toggle to turn off Recommended feed in the Start menu

Windows 11 24H2 tests toggle to turn off Recommended feed in the Start menu

User calls Windows 11 “pure horror,” Microsoft says it’s listening to feedback

John the Ripper is an advanced offline password cracker

CVE-2025-3953 – WordPress WP Statistics Unauthenticated Settings Modification Vulnerability

Microsoft Defender for Identity Flaw (CVE-2025-26685) Allows Unauthenticated Privilege Escalation

The Anatomy of an RCE Attack : The Hacker’s Big Score

CVE-2025-4839 – Itwanger Paicoding Cross-Domain Policy Vulnerability

Rilasciato Sublime Text 4 versione 4200

CVE-2024-13418 – WordPress Theme/Plugin Arbitrary File Upload Vulnerability

CVE-2025-4493 – Devolutions Server Privilege Escalation Vulnerability

CVE-2025-46339 – FreshRSS Favicon Poisoning Vulnerability

NST is a bootable ISO live USB flash drive

YouTube: Enhancing the user experience

I shouldn’t be surprised the first vertical ergonomic mouse from this gaming brand is great, but here we are

CVE-2025-3953 – WordPress WP Statistics Unauthenticated Settings Modification Vulnerability

Related Posts