CVE-2025-53193: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was identified in Burst Statistics B.V. Burst Statistics plugin versions through 2.0.6. The vulnerability was discovered on May 21, 2025, and publicly disclosed on June 27, 2025. The affected software is a WordPress plugin developed by Burst Statistics B.V. (NVD, Patchstack).

The vulnerability is classified as CWE-352 (Cross-Site Request Forgery) with a CVSS v3.1 base score of 4.3 (MEDIUM). The CVSS vector string is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N, indicating that the vulnerability is network-accessible, requires low attack complexity, needs no privileges, but does require user interaction. The vulnerability affects the integrity of the system with low impact (NVD, Patchstack).

The vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The severity is considered low, with potential impacts primarily affecting the integrity of the system (Patchstack).

The vulnerability has been fixed in version 2.0.8 of the Burst Statistics plugin. Users are advised to update to version 2.0.8 or later to remove the vulnerability. The security issue has been assessed as having a low severity impact and is considered unlikely to be exploited (Patchstack).