9 matches found
EUVD-2023-58860
Malicious code in bioql PyPI...
CVE-2023-6637
The CAOS | Host Google Analytics Locally plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updatesettings' function in versions up to, and including, 4.7.14. This makes it possible for unauthenticated attackers to update plugin...
CVE-2021-25020
The CAOS | Host Google Analytics Locally WordPress plugin before 4.1.9 does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin...
CVE-2023-6637 CAOS | Host Google Analytics Locally <= 4.7.14 - Missing Authorization to Unauthenticated Plugin Settings Update
The CAOS | Host Google Analytics Locally plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updatesettings' function in versions up to, and including, 4.7.14. This makes it possible for unauthenticated attackers to update plugin...
PT-2024-15038 · WordPress · Caos | Host Google Analytics Locally
Name of the Vulnerable Software and Affected Versions: CAOS | Host Google Analytics Locally plugin for WordPress versions up to, and including, 4.7.14 Description: The issue allows unauthorized modification of data due to a missing capability check on the update settings function. This makes it...
WordPress Plugin CAOS | Host Google Analytics Locally Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin CAOS | Host Google Analyti...
CVE-2021-25020
CVE-2021-25020 affects the WordPress plugin “CAOS | Host Google Analytics Locally” (versions prior to 4.1.9). The vulnerability arises because the plugin does not validate the cache directory setting, enabling high-privilege users to perform a path traversal during uninstall and delete arbitrary ...
CAOS < 4.1.9 - Admin+ Arbitrary Folder Deletion via Path Traversal
The plugin does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin PoC As admin, put the following payload in the "Cache directory for analytics.js" setting of the plugin: ../wp-includes,...
CAOS < 4.1.9 - Admin+ Arbitrary Folder Deletion via Path Traversal
The plugin does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin As admin, put the following payload in the "Cache directory for analytics.js" setting of the plugin: ../wp-includes, tic...