The Traffic Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tfcm_maybe_set_bot_flags() function in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to disabled bot logging.

Related CVEs

CVE-2025-5815

Key Information

GHSA ID

GHSA-pc3q-9mpw-2wjf

Published

June 13, 2025 6:30 AM

Last Modified

June 13, 2025 6:30 AM

CVSS Score

5.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: June 14, 2025 6:24 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.