Google Analytics by BestWebSoft < 1.7.1 - Cross-Site Scripting

The bws-google-analytics plugin before 1.7.1 for WordPress has multiple XSS issues. id: CVE-2017-18556 info: name: Google Analytics by BestWebSoft 1.7.1 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The bws-google-analytics plugin before 1.7.1 for WordPress has...

CVE-2026-53608

ApostropheCMS is an open-source Node.js content management system. Versions up to and including 1.4.2 of the @apostrophecms/seo package injects the Google Analytics Tracking ID seoGoogleTrackingId and Google Tag Manager ID seoGoogleTagManager directly into tag bodies using JavaScript template...

CVE-2026-53608 @apostrophecms/seo Vulnerable to Stored XSS via Unsanitized Google Analytics / GTM ID Injected into Script Tag

ApostropheCMS is an open-source Node.js content management system. Versions up to and including 1.4.2 of the @apostrophecms/seo package injects the Google Analytics Tracking ID seoGoogleTrackingId and Google Tag Manager ID seoGoogleTagManager directly into tag bodies using JavaScript template...

CVE-2026-53608

ApostropheCMS (open-source Node.js) vulnerability CVE-2026-53608 affects the @apostrophecms/seo package up to 1.4.2, where seoGoogleTrackingId and seoGoogleTagManager are injected into [removed] bodies via template literals without sanitization. With editor-level access, an attacker can set these...

CVE-2026-53608 @apostrophecms/seo Vulnerable to Stored XSS via Unsanitized Google Analytics / GTM ID Injected into Script Tag

ApostropheCMS is an open-source Node.js content management system. Versions up to and including 1.4.2 of the @apostrophecms/seo package injects the Google Analytics Tracking ID seoGoogleTrackingId and Google Tag Manager ID seoGoogleTagManager directly into tag bodies using JavaScript template...

PT-2026-49005

Name of the Vulnerable Software and Affected Versions @apostrophecms/seo versions prior to 1.4.3 Description Stored Cross-Site Scripting XSS occurs when the @apostrophecms/seo package injects the Google Analytics Tracking ID seoGoogleTrackingId and Google Tag Manager ID seoGoogleTagManager direct...

CVE-2026-7624

The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 12.4.16. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

CVE-2026-7624 SEO Plugin by Squirrly SEO <= 12.4.16 - Missing Authorization to Authenticated (Contributor+) Privileged Cloud API Operations

The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 12.4.16. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

EUVD-2026-34956

The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 12.4.16. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

CVE-2026-7624

The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 12.4.16. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

PT-2026-47140

Name of the Vulnerable Software and Affected Versions SEO Plugin by Squirrly SEO versions prior to 12.4.17 Description The plugin fails to properly verify if a user is authorized to perform specific actions. This allows authenticated attackers with contributor-level access or higher to execute...

MAL-2026-4636 Malicious code in peertube-plugin-google-analytics-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c66b6ebad55556f956fbc181293327eb4051d2ec6de6436a24d027fac58e580 This PeerTube plugin advertises itself as a Google Analytics integration but its client-side script client/common-client-plugin.js:8 registers a...

WordPress Burst Statistics – Privacy-Friendly WordPress Analytics (Google Analytics Alternative) plugin 3.4.0-3.4.1.1 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover vulnerability

Privacy-Friendly WordPress Analytics Google Analytics Alternative plugin 3.4.0-3.4.1.1 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover vulnerability discovered by ? in WordPress Plugin Burst Statistics versions 3.4.0-3.4.1.1...

WordPress MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) plugin <= 10.1.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure And Plugin Integration Reset vulnerability

Missing Authorization to Authenticated Subscriber+ Sensitive Information Exposure And Plugin Integration Reset vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Google Analytics by Monster Insights versions = 10.1.2...

CVE-2026-5371

The MonsterInsights – Google Analytics Dashboard for WordPress Website Stats Made Easy plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability checks on the getadsaccesstoken and resetexperience functions in all versions up to, and including,...

WordPress plugin MonsterInsights – Google Analytics Dashboard for WordPress 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

WordPress GA4WP – Analytics Dashboard for the Website plugin <= 2.6.0 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin GA4WP: Google Analytics for WordPress versions = 2.6.0...

CVE-2026-3529

A flaw was found in Drupal Google Analytics GA4. This vulnerability, identified as Cross-site Scripting XSS, arises from improper neutralization of input during web page generation. A remote attacker could exploit this by injecting malicious scripts into web pages, which would then execute in a...

EUVD-2026-16383

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Google Analytics GA4 allows Cross-Site Scripting XSS.This issue affects Google Analytics GA4: from 0.0.0 before 1.1.14...

CVE-2026-3529

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Google Analytics GA4 allows Cross-Site Scripting XSS.This issue affects Google Analytics GA4: from 0.0.0 before 1.1.14...