CVE-2025-2816

Name of the Vulnerable Software and Affected Versions Page View Count plugin for WordPress versions 2.8.0 through 2.8.4

Description The issue allows authenticated attackers with Subscriber-level access and above to modify data due to a missing capability check on the yellow message dontshow() function. This can lead to a denial of service by updating option values, creating an error on the site, or setting certain values to true, such as registration, thereby denying service to legitimate users.

Recommendations For versions 2.8.0 through 2.8.4, consider disabling the yellow message dontshow() function as a temporary workaround until a patch is available to prevent unauthorized modification of data. Restrict access to option value updates to minimize the risk of exploitation.