WordPress · Subscribers Text Counter · CVE-2023-3356
**Name of the Vulnerable Software and Affected Versions**
Subscribers Text Counter WordPress plugin versions prior to 1.7.1
**Description**
The issue is related to the lack of a CSRF check when updating settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. This also leads to Stored Cross-Site Scripting due to the lack of sanitization and escaping.
**Recommendations**
For versions prior to 1.7.1, update to version 1.7.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the settings update functionality to minimize the risk of exploitation.