The vulnerability discovered in the Page View Count plugin is a missing authorization weakness that permits unauthorized alteration of the plugin's settings. This flaw enables a user who may not otherwise have sufficient privileges to modify configuration values that control how page views are counted, potentially disrupting site analytics or masking content. Since the flaw revolves around incorrect access control, attackers can reconfigure or disable security‑related settings, leading to a breach of confidentiality or integrity of site data.

Systems affected include the WordPress plugin developed by Steve Truman, specifically versions of the Page View Count plugin through v2.9.0. The vulnerability impacts any WordPress installation that has the plugin installed and enabled at or below the 2.9.0 release. No specific WordPress core versions are listed, so the issue is confined to the plugin itself.

The CVSS score of 5.4 places this vulnerability in the moderate severity range, while the EPSS score of less than 1% indicates a low probability of exploitation in the wild. It is not currently listed in CISA’s KEV catalog. Inferred from the description, the attack vector could be remote, requiring authenticated access to the WordPress administration interface; an attacker with any user role that can reach the plugin settings page could exploit the missing authorization to change configuration values.