CVE-2026-5488

The ExactMetrics – Google Analytics Dashboard for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 9.1.2. This is due to missing capability checks in the getadsaccesstoken and resetexperience AJAX handlers. While the mi-admin-nonce is localized...

CVE-2026-5371

The MonsterInsights – Google Analytics Dashboard for WordPress Website Stats Made Easy plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability checks on the getadsaccesstoken and resetexperience functions in all versions up to, and including,...

FlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube Ads

Cybersecurity researchers have shed light on a macOS malvertising campaign codenamed Operation FlutterBridge that spreads a new backdoor called FlutterShell. According to Palo Alto Networks Unit 42, the campaign is said to be the next stage of a previously reported activity cluster dubbed...

EUVD-2026-29886

The MonsterInsights – Google Analytics Dashboard for WordPress Website Stats Made Easy plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability checks on the getadsaccesstoken and resetexperience functions in all versions up to, and including,...

CVE-2026-5371

The MonsterInsights – Google Analytics Dashboard for WordPress Website Stats Made Easy plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability checks on the getadsaccesstoken and resetexperience functions in all versions up to, and including,...

CVE-2026-5371

The MonsterInsights – Google Analytics Dashboard for WordPress Website Stats Made Easy plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability checks on the getadsaccesstoken and resetexperience functions in all versions up to, and including,...

CVE-2026-5371

The MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) plugin for WordPress is vulnerable through missing capability checks on get_ads_access_token() and reset_experience() in all versions up to 10.1.2. The issue allows authenticated attackers with Subscriber-lev...

CVE-2026-5371 MonsterInsights <= 10.1.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure And Plugin Integration Reset

The MonsterInsights – Google Analytics Dashboard for WordPress Website Stats Made Easy plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability checks on the getadsaccesstoken and resetexperience functions in all versions up to, and including,...

PT-2026-40465

Name of the Vulnerable Software and Affected Versions MonsterInsights – Google Analytics Dashboard for WordPress versions prior to 10.1.3 Description Missing capability checks in the get ads access token and reset experience functions allow authenticated attackers with Subscriber-level access or...

CVE-2026-5488

The ExactMetrics – Google Analytics Dashboard for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 9.1.2. This is due to missing capability checks in the getadsaccesstoken and resetexperience AJAX handlers. While the mi-admin-nonce is localized...

CVE-2026-5488 ExactMetrics <= 9.1.2 - Authenticated (Subscriber+) Missing Authorization to Google Ads Access Token Retrieval via AJAX Action 'exactmetrics_ads_get_token'

The ExactMetrics – Google Analytics Dashboard for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 9.1.2. This is due to missing capability checks in the getadsaccesstoken and resetexperience AJAX handlers. While the mi-admin-nonce is localized...

CVE-2026-5488

The ExactMetrics – Google Analytics Dashboard for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 9.1.2. This is due to missing capability checks in the getadsaccesstoken and resetexperience AJAX handlers. While the mi-admin-nonce is localized...

CVE-2026-5488 ExactMetrics <= 9.1.2 - Authenticated (Subscriber+) Missing Authorization to Google Ads Access Token Retrieval via AJAX Action 'exactmetrics_ads_get_token'

The ExactMetrics – Google Analytics Dashboard for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 9.1.2. This is due to missing capability checks in the getadsaccesstoken and resetexperience AJAX handlers. While the mi-admin-nonce is localized...

CVE-2026-5488

The CVE-2026-5488 issue affects the ExactMetrics – Google Analytics Dashboard for WordPress plugin (WordPress). It stems from missing capability checks in two AJAX handlers (get_ads_access_token() and reset_experience()), allowing authenticated users with subscriber-level access or higher to retr...

EUVD-2026-25393

The ExactMetrics – Google Analytics Dashboard for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 9.1.2. This is due to missing capability checks in the getadsaccesstoken and resetexperience AJAX handlers. While the mi-admin-nonce is localized...

PT-2026-34850

The ExactMetrics – Google Analytics Dashboard for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 9.1.2. This is due to missing capability checks in the get ads access token and reset experience AJAX handlers. While the mi-admin-nonce is...

WordPress plugin ExactMetrics 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

WordPress ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) plugin <= 9.1.2 - Authenticated (Subscriber+) Missing Authorization to Google Ads Access Token Retrieval vulnerability

Authenticated Subscriber+ Missing Authorization to Google Ads Access Token Retrieval vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin ExactMetrics versions = 9.1.2...

“Claudy Day” Flaws Allow Data Theft via Fake Claude AI Ads, Report

Researchers detail “Claudy Day” flaws in Claude AI that could enable data theft using fake Google Ads, hidden…...

Microsoft Warns Python Infostealers Target macOS via Fake Ads and Installers

Microsoft has warned that information-stealing attacks are "rapidly expanding" beyond Windows to target Apple macOS environments by leveraging cross-platform languages like Python and abusing trusted platforms for distribution at scale. The tech giant's Defender Security Research Team said it...