EUVD-2026-32702

The Independent Analytics plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.14.9. This is due to a public tracking route at /wp-json/iawp/search that accepts attacker-controlled referrerurl values when the signature matches, combined with a...

CVE-2026-3570

The Smarter Analytics plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.0. This is due to missing authentication and capability checks on the configuration reset functionality in the global scope of smarter-analytics.php. This makes it possible for...

EUVD-2026-14015

The Smarter Analytics plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.0. This is due to missing authentication and capability checks on the configuration reset functionality in the global scope of smarter-analytics.php. This makes it possible for...

CVE-2026-1238 SlimStat Analytics <= 5.3.5 - Unauthenticated Stored Cross-Site Scripting via 'fh'

The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fh' fingerprint parameter in all versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVE-2025-14609

The Wise Analytics plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.1.9. This is due to missing capability checks on the REST API endpoint '/wise-analytics/v1/report'. This makes it possible for unauthenticated attackers to access sensitive...

WordPress Eli's WordCents adSense Widget with Analytics plugin <= 1.3.03.27 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Skalucy in WordPress Plugin Elis WordCents adSense Widget with Analytics versions = 1.3.03.27...

CVE-2016-10912

The universal-analytics plugin before 1.3.1 for WordPress has XSS...

CVE-2017-18556

The bws-google-analytics plugin before 1.7.1 for WordPress has multiple XSS issues...

CVE-2023-49189

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Getsocial, S.A. Social Share Buttons & Analytics Plugin – GetSocial.Io allows Stored XSS.This issue affects Social Share Buttons & Analytics Plugin – GetSocial.Io: from n/a through 4.3.12...

CVE-2023-40676

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics plugin = 5.0.8 versions...

CVE-2022-37402

Stored Cross-site Scripting XSS vulnerability in AFS Analytics plugin = 4.18 versions...

PT-2025-52436

The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'outbound resource' parameter in the slimtrack AJAX action in all versions up to, and including, 5.3.2. This is due to insufficient input sanitization and output escaping on user supplied attributes...

CVE-2025-64292

CVE-2025-64292: WordPress Analytics Germanized for Google Analytics (ga-germanized)

CVE-2025-64293 WordPress 0 Day Analytics plugin <= 4.0.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Golemiq 0 Day Analytics 0-day-analytics allows SQL Injection.This issue affects 0 Day Analytics: from n/a through = 4.0.0...

WordPress 0 Day Analytics plugin <= 4.0.0 - SQL Injection vulnerability

SQL Injection vulnerability discovered by kwakbumjun in WordPress Plugin 0 Day Analytics versions = 4.0.0...

WordPress Plugin 0 Day Analytics SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin... WordPress...

Malicious Package

Overview vue-analytics-plugin is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious code in vue-analytics-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6264af628cc0d76e732dffe05db10a0bd52bcffaad0549e986349c8fc542cf79 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-48313 Malicious code in vue-analytics-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6264af628cc0d76e732dffe05db10a0bd52bcffaad0549e986349c8fc542cf79 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

EUVD-2025-33765

Malicious code in vue-analytics-plugin npm...