Lucene search
K

577 matches found

Nuclei
Nuclei
added yesterday34 views

Google Analytics by BestWebSoft < 1.7.1 - Cross-Site Scripting

The bws-google-analytics plugin before 1.7.1 for WordPress has multiple XSS issues. id: CVE-2017-18556 info: name: Google Analytics by BestWebSoft 1.7.1 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The bws-google-analytics plugin before 1.7.1 for WordPress has...

6.1CVSS6.4AI score0.01384EPSS
Exploits1References4
Cvelist
Cvelist
added last week32 views

CVE-2026-4298 DSGVO All in one for WP <= 4.9 - Missing Authorization to Authenticated (Subscriber+) Settings Reset

The DSGVO All in one for WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 4.9. This is due to the dsgvoresetpolicyservicefunc function lacking both capability checks and nonce verification while processing user-supplied parameters to reset plugin...

4.3CVSS0.00204EPSS
Exploits0References6
CVE
CVE
added last week11 views

CVE-2026-4298

The CVE-2026-4298 entry concerns the WordPress plugin DSGVO All in one for WP up to version 4.9. The underlying root cause is Missing Authorization due to the function dsgvo_reset_policy_service_func() lacking capability checks and nonce verification when processing user-supplied parameters to re...

4.3CVSS5.9AI score0.00204EPSS
Exploits0References6
NVD
NVD
added 2026/06/30 6:16 a.m.12 views

CVE-2026-8944

The Plugin for Google Analytics by IO technologies plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the Google Analytics settings page ga.php. This makes it possible for unauthenticated...

4.3CVSS0.00102EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/30 4:30 a.m.6 views

EUVD-2026-40250

The Plugin for Google Analytics by IO technologies plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the Google Analytics settings page ga.php. This makes it possible for unauthenticated...

4.3CVSS5.6AI score0.00102EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 4:30 a.m.32 views

CVE-2026-8944 Plugin for Google Analytics by IO technologies <= 1.1 - Cross-Site Request Forgery via 'ga_id' Parameter

The Plugin for Google Analytics by IO technologies plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the Google Analytics settings page ga.php. This makes it possible for unauthenticated...

4.3CVSS0.00102EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 4:30 a.m.18 views

CVE-2026-8944

The CVE-2026-8944 affects the WordPress plugin IO Technologies’ Google Analytics plugin (versions

4.3CVSS5.6AI score0.00102EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/30 4:30 a.m.6 views

CVE-2026-8944

The Plugin for Google Analytics by IO technologies plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the Google Analytics settings page ga.php. This makes it possible for unauthenticated...

4.3CVSS5.6AI score0.00102EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.11 views

PT-2026-53812

Name of the Vulnerable Software and Affected Versions Plugin for Google Analytics by IO technologies versions prior to 1.2 Description Cross-Site Request Forgery occurs on the Google Analytics settings page 'ga.php' due to missing or incorrect nonce validation. A nonce is a unique token used to...

4.3CVSS5.8AI score0.00102EPSS
Exploits0References9
Patchstack
Patchstack
added 2026/06/29 4:17 p.m.7 views

WordPress Plugin for Google Analytics by IO technologies plugin <= 1.1 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Plugin for Google Analytics by IO technologies versions = 1.1...

4.3CVSS5.8AI score0.00102EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/12 10:16 p.m.16 views

CVE-2026-53608

ApostropheCMS is an open-source Node.js content management system. Versions up to and including 1.4.2 of the @apostrophecms/seo package injects the Google Analytics Tracking ID seoGoogleTrackingId and Google Tag Manager ID seoGoogleTagManager directly into tag bodies using JavaScript template...

8.7CVSS0.0021EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 8:57 p.m.8 views

CVE-2026-53608 @apostrophecms/seo Vulnerable to Stored XSS via Unsanitized Google Analytics / GTM ID Injected into Script Tag

ApostropheCMS is an open-source Node.js content management system. Versions up to and including 1.4.2 of the @apostrophecms/seo package injects the Google Analytics Tracking ID seoGoogleTrackingId and Google Tag Manager ID seoGoogleTagManager directly into tag bodies using JavaScript template...

8.7CVSS5.2AI score0.0021EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 8:57 p.m.29 views

CVE-2026-53608 @apostrophecms/seo Vulnerable to Stored XSS via Unsanitized Google Analytics / GTM ID Injected into Script Tag

ApostropheCMS is an open-source Node.js content management system. Versions up to and including 1.4.2 of the @apostrophecms/seo package injects the Google Analytics Tracking ID seoGoogleTrackingId and Google Tag Manager ID seoGoogleTagManager directly into tag bodies using JavaScript template...

8.7CVSS0.0021EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 8:57 p.m.24 views

CVE-2026-53608

ApostropheCMS (open-source Node.js) vulnerability CVE-2026-53608 affects the @apostrophecms/seo package up to 1.4.2, where seoGoogleTrackingId and seoGoogleTagManager are injected into [removed] bodies via template literals without sanitization. With editor-level access, an attacker can set these...

8.7CVSS5.3AI score0.0021EPSS
Exploits0References1
OSV
OSV
added 2026/06/12 8:57 p.m.4 views

CVE-2026-53608 @apostrophecms/seo Vulnerable to Stored XSS via Unsanitized Google Analytics / GTM ID Injected into Script Tag

ApostropheCMS is an open-source Node.js content management system. Versions up to and including 1.4.2 of the @apostrophecms/seo package injects the Google Analytics Tracking ID seoGoogleTrackingId and Google Tag Manager ID seoGoogleTagManager directly into tag bodies using JavaScript template...

8.7CVSS5.9AI score0.0021EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.19 views

PT-2026-49005

Name of the Vulnerable Software and Affected Versions @apostrophecms/seo versions prior to 1.4.3 Description Stored Cross-Site Scripting XSS occurs when the @apostrophecms/seo package injects the Google Analytics Tracking ID seoGoogleTrackingId and Google Tag Manager ID seoGoogleTagManager direct...

8.7CVSS5.5AI score0.0021EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/07 8:59 a.m.23 views

CVE-2026-7624

The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 12.4.16. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS5.5AI score0.00296EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/06 3:28 a.m.41 views

CVE-2026-7624 SEO Plugin by Squirrly SEO <= 12.4.16 - Missing Authorization to Authenticated (Contributor+) Privileged Cloud API Operations

The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 12.4.16. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS0.00296EPSS
Exploits0References14
ATTACKERKB
ATTACKERKB
added 2026/06/06 3:28 a.m.9 views

CVE-2026-7624

The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 12.4.16. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS5.5AI score0.00296EPSS
Exploits0References15
EUVD
EUVD
added 2026/06/06 3:28 a.m.16 views

EUVD-2026-34956

The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 12.4.16. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS5.5AI score0.00296EPSS
Exploits0References14
Rows per page
Query Builder