
CVSS: 8.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

02 Jan 2023 — The Analyticator WordPress plugin before 6.5.6 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. • https://wpscan.com/vulnerability/ce8027b8-9473-463e-ba80-49b3d6d16228 • CWE-502: Deserialization of Untrusted Data

CVSS: 8.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

27 Dec 2022 — The Analyticator WordPress plugin before 6.5.6 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. • https://wpscan.com/vulnerability/df1c36bb-9861-4272-89c9-ae76e62f687c • CWE-502: Deserialization of Untrusted Data

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

24 Aug 2015 — Multiple cross-site scripting (XSS) vulnerabilities in the Google Analyticator plugin before 6.4.9.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) ga_adsense, (2) ga_admin_disable_DimentionIndex, (3) ga_downloads_prefix, (4) ga_downloads, or (5) ga_outbound_prefix parameter in the google-analyticator page to wp-admin/admin.php. • https://wordpress.org/plugins/google-analyticator/changelog • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

19 Jun 2015 — Cross-site request forgery (CSRF) vulnerability in Google Analyticator WordPress Plugin before 6.4.9.3 rev @1183563. • http://seclists.org/fulldisclosure/2015/Jun/57 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Jul 2009 — The google-analyticator plugin before 5.2.1 for WordPress has insufficient HTML sanitization for Google Analytics API text. • https://wordpress.org/plugins/google-analyticator/#developers • CWE-20: Improper Input Validation • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')