PT-2025-18229 · WordPress · Wp Statistics

Published 2025-04-30 · Updated 2025-05-19 · CVE-2025-3953

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin, versions up to and including 14.13.3

Description

The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the optionUpdater function. This allows authenticated attackers with Subscriber-level access and above to update arbitrary plugin settings.

Recommendations

If you are running a version up to and including 14.13.3, update to a version that includes a fix for the missing capability check in the optionUpdater function. As a temporary workaround, consider restricting access to the optionUpdater function to prevent unauthorized modification of plugin settings.

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2025-3953

Affected Products

Wp Statistics