CVE-2024-53725 HIGH

CVE-2024-53725: WordPress Post Hits Counter plugin <= 2.8.23 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability

Vendor Amit

Product Post Hits Counter

Weakness CWE-352 · CSRF

Published December 2, 2024

Last update April 28, 2026

View on NVD All CVEs

CVSS base score

7.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

Cross-Site Request Forgery (CSRF) vulnerability in aMiT Post Hits Counter hits-counter allows Reflected XSS.This issue affects Post Hits Counter: from n/a through <= 2.8.23.

Key dates

02Disclosure timeline

December 2, 2024 CVE published

April 28, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-53725

Related vulnerabilities

04Related CVE

CVE-2026-39632 WordPress Grand Blog theme <= 3.1 - Cross Site Request Forgery (CSRF) vulnerability CVE-2023-31218 WordPress WOLF Plugin <= 1.0.6 is vulnerable to CSRF leading to Stored Cross Site Scripting (XSS) vulnerability CVE-2022-1573 HTML2WP <= 1.0.0 - Arbitrary Settings Update via CSRF CVE-2025-5937 MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Wallet <= 3.2.0 - Cross-Site Request Forgery to Settings Reset CVE-2025-31402 WordPress NewsBoard Post and RSS Scroller plugin <= 1.2.12 - CSRF to Stored XSS vulnerability