The vulnerability of the wpa_check_authentication() function in the Analytify plugin of the WordPress content management system allows a hacker to modify the Google Analytics tracking identifier of the website.

🗓️ 01 May 2024 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

Analytify WordPress plugin flaw lets attackers modify Google Analytics tracking ID via wpa_check_authentication().

Reporter	Title	Published	Views	Family All 12
CNNVD	WordPress plugin Analytify 安全漏洞	2 May 202400:00	–	cnnvd
CVE	CVE-2024-1584	2 May 202416:51	–	cve
Cvelist	CVE-2024-1584 Analytify <= 5.2.1 - Missing Authorization to Unauthenticated Google Analytics Tracking ID Modification	2 May 202416:51	–	cvelist
EUVD	EUVD-2024-17328	3 Oct 202520:07	–	euvd
NVD	CVE-2024-1584	2 May 202417:15	–	nvd
Patchstack	WordPress Analytify Plugin <= 5.2.3 is vulnerable to Broken Access Control	29 Apr 202400:00	–	patchstack
Patchstack	WordPress Analytify plugin <= 5.2.1 - Missing Authorization to Unauthenticated Google Analytics Tracking ID Modification vulnerability	29 Apr 202412:00	–	patchstack
Positive Technologies	PT-2024-3161 · WordPress · Analytify	16 Feb 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-1584	23 May 202508:22	–	redhatcve
Vulnrichment	CVE-2024-1584 Analytify <= 5.2.1 - Missing Authorization to Unauthenticated Google Analytics Tracking ID Modification	2 May 202416:51	–	vulnrichment

Vulners

Node

analytify_llc analytifyRange≤5.2.3

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-analytify/analytify-521-missing-authorization-to-unauthenticated-google-analytics-tracking-id-modification
vuldb	www.vuldb.com/ru/
web	www.web.nvd.nist.gov/view/vuln/detail

01 May 2024 00:00Current

5.4Medium risk

Vulners AI Score5.4

CVSS 25

CVSS 35.3

EPSS0.00435

Analytify plugin WordPress vulnerability Google Analytics tracking Authentication weakness Tracking identifier modification