CVSS: 6.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

02 Dec 2024 — Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Analytify. This issue affects Analytify: from n/a through 5.4.3. The Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 5.4.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized act... • https://patchstack.com/database/wordpress/plugin/wp-analytify/vulnerability/wordpress-analytify-plugin-5-4-3-broken-access-control-vulnerability?_s_id=cve • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere • CWE-862: Missing Authorization

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

12 Aug 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Analytify. This issue affects Analytify: from n/a through 5.3.1. The Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.3.1. This is due to missing or incorrect nonce validation on the optout_yes() function. This makes it possible for unauthenticated attackers to opt out of tracking via a forged request granted they can trick a... • https://patchstack.com/database/vulnerability/wp-analytify/wordpress-analytify-plugin-5-3-1-csrf-leading-to-optout-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) • CWE-862: Missing Authorization

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

20 Nov 2023 — Missing Authorization vulnerability in Analytify Analytify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Analytify: from n/a through 5.1.1. The Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.1.1. This is due to missing or incorrect nonce validation on the send_analytics_email function. This makes it possible for unauthenticated ... • https://patchstack.com/database/wordpress/plugin/wp-analytify/vulnerability/wordpress-analytify-plugin-5-1-1-broken-access-control-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) • CWE-862: Missing Authorization

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

05 Sep 2023 — Missing Authorization vulnerability in Analytify Analytify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Analytify: from n/a through 5.1.0. The Analytify Dashboard plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the optin_yes() function in versions up to, and including, 5.1.0. This makes it possible for authenticated attackers, with subscriber-level and above access, to opt in to the plugin's tracking. • https://patchstack.com/database/wordpress/plugin/wp-analytify/vulnerability/wordpress-analytify-google-analytics-dashboard-for-wordpress-plugin-5-1-0-broken-access-control-csrf-vulnerability?_s_id=cve • CWE-862: Missing Authorization

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

03 Jan 2023 — Missing Authorization vulnerability in Analytify. This issue affects Analytify: from n/a through 4.2.3. The Analytify plugin for WordPress is vulnerable to authorization bypass & Cross-Site Request Forgery in versions up to, and including, 4.2.3. This is due to missing nonce validation and a lack of capability checking on the logout() function. This makes it possible for unauthenticated attackers to invoke this function and log out an associated Google Analytics account either themselves or via forged request ... • https://patchstack.com/database/wordpress/plugin/wp-analytify/vulnerability/wordpress-analytify-google-analytics-dashboard-plugin-4-2-3-privilege-escalation?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) • CWE-862: Missing Authorization