Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-5815

The Traffic Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tfcm_maybe_set_bot_flags() function in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to disabled bot logging.

Published

2025-06-13T04:15:33.020

Last Modified

2025-06-16T12:32:18.840

Status

Awaiting Analysis

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-862

Affected Vendors & Products

References

https://plugins.trac.wordpress.org/browser/traffic-monitor/trunk/traffic-monitor.php#L74 ([email protected])
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3309996%40traffic-monitor&new=3309996%40traffic-monitor&sfp_email=&sfph_mail= ([email protected])
https://www.wordfence.com/threat-intel/vulnerabilities/id/538669c7-3237-4059-85dc-4f4af1ff5a19?source=cve ([email protected])