EUVD-2025-201966

Missing Authorization vulnerability in Yandex Metrika Yandex.Metrica wp-yandex-metrika allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Yandex.Metrica: from n/a through = 1.2.2...

CVE-2025-63063

Missing Authorization vulnerability in Yandex Metrika Yandex.Metrica wp-yandex-metrika allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Yandex.Metrica: from n/a through = 1.2.2...

CVE-2025-63063 WordPress Yandex.Metrica plugin <= 1.2.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Yandex Metrika Yandex.Metrica wp-yandex-metrika allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Yandex.Metrica: from n/a through = 1.2.2...

CVE-2025-63063 WordPress Yandex.Metrica plugin <= 1.2.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Yandex Metrika Yandex.Metrica wp-yandex-metrika allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Yandex.Metrica: from n/a through = 1.2.2...

EUVD-2024-52540

Malicious code in bioql PyPI...

Malicious code in soft-metrika (npm)

The package soft-metrika was found to contain malicious code...

MAL-2025-33604 Malicious code in soft-metrika (npm)

The package soft-metrika was found to contain malicious code...

CVE-2024-6462

The DL Yandex Metrika WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-6462

The DL Yandex Metrika WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-6462

The DL Yandex Metrika WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-6462 DL Yandex Metrika <= 1.2 - Admin+ Stored XSS

The DL Yandex Metrika WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-6462 DL Yandex Metrika <= 1.2 - Admin+ Stored XSS

The DL Yandex Metrika WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-6462

CVE-2024-6462 affects the WordPress plugin “DL Yandex Metrika” (versions 1.2 and earlier). The issue stems from insufficient sanitisation/escaping of certain settings, enabling Stored Cross-Site Scripting by high-privilege users (e.g., admins), even when unfiltered_html is disallowed (such as in ...

WordPress plugin DL Yandex Metrika 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2024-54420

Cross-Site Request Forgery CSRF vulnerability in Aleksandr Novikov Metrika metrika allows Cross Site Request Forgery.This issue affects Metrika: from n/a through = 1.2...

CVE-2024-54420

Cross-Site Request Forgery CSRF vulnerability in Aleksandr Novikov Metrika metrika allows Cross Site Request Forgery.This issue affects Metrika: from n/a through = 1.2...

CVE-2024-54420 WordPress Metrika plugin <= 1.2 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in Aleksandr Novikov Metrika metrika allows Cross Site Request Forgery.This issue affects Metrika: from n/a through = 1.2...

CVE-2024-54420

CVE-2024-54420 documents confirm a CSRF vulnerability in the WordPress plugin Metrika (Aleksander Novikov) that can enable a stored Cross‑Site Scripting (XSS) condition. Affected software is listed as Metrika up to version 1.2 . The connected sources explicitly describe the issue type and affecte...

CVE-2024-54420 WordPress Metrika plugin <= 1.2 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in Aleksander Novikov Metrika allows Cross Site Request Forgery.This issue affects Metrika: from n/a through 1.2...

WordPress plugin Metrika 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site reques...