Problem is still listed on WF website! However it says “makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action” so probably only an issue if an attacker already has access to the admin dashboard. Needs to be fixed though, I second that!
Dear users,
We appreciate your vigilance regarding the reported vulnerability in the WP Visitor Statistics (Real Time Traffic) plugin. We want to inform you that the issue has already been addressed and fixed in the latest update of the plugin. However, the Patchstack team has not yet validated the patch, which may cause security tools like Wordfence to continue flagging the plugin as vulnerable.
We also want to clarify that this issue is low priority and does not pose any significant risk to your site’s security. Your website remains safe, and updating to the latest version ensures that you are using the most secure version of the plugin.
We have already reached out to Patchstack to expedite the validation process, and we appreciate your patience.
Thank you for your support!
Best regards
