Lucene search
+L

577 matches found

Positive Technologies
Positive Technologies
added 2026/06/06 12:0 a.m.21 views

PT-2026-47140

Name of the Vulnerable Software and Affected Versions SEO Plugin by Squirrly SEO versions prior to 12.4.17 Description The plugin fails to properly verify if a user is authorized to perform specific actions. This allows authenticated attackers with contributor-level access or higher to execute...

4.3CVSS5.4AI score0.00296EPSS
Exploits0References18
OSV
OSV
added 2026/05/22 6:46 p.m.9 views

MAL-2026-4636 Malicious code in peertube-plugin-google-analytics-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c66b6ebad55556f956fbc181293327eb4051d2ec6de6436a24d027fac58e580 This PeerTube plugin advertises itself as a Google Analytics integration but its client-side script client/common-client-plugin.js:8 registers a...

5.9AI score
Exploits0References2
Patchstack
Patchstack
added 2026/05/14 9:38 a.m.13 views

WordPress Burst Statistics – Privacy-Friendly WordPress Analytics (Google Analytics Alternative) plugin 3.4.0-3.4.1.1 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover vulnerability

Privacy-Friendly WordPress Analytics Google Analytics Alternative plugin 3.4.0-3.4.1.1 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover vulnerability discovered by ? in WordPress Plugin Burst Statistics versions 3.4.0-3.4.1.1...

9.8CVSS5.8AI score0.14608EPSS
Exploits11References1Affected Software1
Patchstack
Patchstack
added 2026/05/13 12:11 p.m.21 views

WordPress MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) plugin <= 10.1.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure And Plugin Integration Reset vulnerability

Missing Authorization to Authenticated Subscriber+ Sensitive Information Exposure And Plugin Integration Reset vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Google Analytics by Monster Insights versions = 10.1.2...

7.1CVSS5.8AI score0.00349EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/12 11:16 p.m.43 views

CVE-2026-5371

The MonsterInsights – Google Analytics Dashboard for WordPress Website Stats Made Easy plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability checks on the getadsaccesstoken and resetexperience functions in all versions up to, and including,...

7.1CVSS0.00349EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

WordPress plugin MonsterInsights – Google Analytics Dashboard for WordPress 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

7.1CVSS5.8AI score0.00349EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/01 9:32 a.m.7 views

WordPress GA4WP – Analytics Dashboard for the Website plugin <= 2.6.0 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin GA4WP: Google Analytics for WordPress versions = 2.6.0...

6.1CVSS5.8AI score0.00276EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 9:42 p.m.4 views

CVE-2026-3529

A flaw was found in Drupal Google Analytics GA4. This vulnerability, identified as Cross-site Scripting XSS, arises from improper neutralization of input during web page generation. A remote attacker could exploit this by injecting malicious scripts into web pages, which would then execute in a...

6AI score0.00243EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/26 9:31 p.m.8 views

EUVD-2026-16383

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Google Analytics GA4 allows Cross-Site Scripting XSS.This issue affects Google Analytics GA4: from 0.0.0 before 1.1.14...

5.8AI score0.00243EPSS
Exploits0References2
NVD
NVD
added 2026/03/26 9:17 p.m.6 views

CVE-2026-3529

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Google Analytics GA4 allows Cross-Site Scripting XSS.This issue affects Google Analytics GA4: from 0.0.0 before 1.1.14...

6.1CVSS0.00243EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/26 8:3 p.m.3 views

CVE-2026-3529 Google Analytics GA4 - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-024

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Google Analytics GA4 allows Cross-Site Scripting XSS.This issue affects Google Analytics GA4: from 0.0.0 before 1.1.14...

5.9AI score0.00243EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/26 8:3 p.m.1 views

CVE-2026-3529

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Google Analytics GA4 allows Cross-Site Scripting XSS.This issue affects Google Analytics GA4: from 0.0.0 before 1.1.14...

5.8AI score0.00243EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/26 8:3 p.m.26 views

CVE-2026-3529 Google Analytics GA4 - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-024

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Google Analytics GA4 allows Cross-Site Scripting XSS.This issue affects Google Analytics GA4: from 0.0.0 before 1.1.14...

0.00243EPSS
Exploits0References1
OSV
OSV
added 2026/03/26 8:3 p.m.3 views

CVE-2026-3529 Google Analytics GA4 - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-024

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Google Analytics GA4 allows Cross-Site Scripting XSS.This issue affects Google Analytics GA4: from 0.0.0 before 1.1.14...

6.1CVSS5.9AI score0.00243EPSS
Exploits0References5
CVE
CVE
added 2026/03/26 8:3 p.m.18 views

CVE-2026-3529

CVE-2026-3529 affects the Drupal Google Analytics GA4 module. The root cause is improper neutralization of input when generating web pages, enabling Cross-site Scripting (XSS) via custom attributes added to the GA4 script tag. A user with the ga4 configure (or administer google analytics ga4 sett...

6.1CVSS5.8AI score0.00243EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.11 views

Drupal Google Analytics GA4 安全漏洞

Drupal Google Analytics GA4 is an integrated module for website traffic statistics and analysis developed by the Drupal company. Versions of Drupal Google Analytics GA4 prior to 1.1.14 contained a security vulnerability caused by improper input handling, which could lead to cross-site scripting...

6.1CVSS5.6AI score0.00243EPSS
Exploits0References2
NVD
NVD
added 2026/03/21 4:17 a.m.5 views

CVE-2026-3332

The Xhanch - My Advanced Settings plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing nonce validation in the xmssetting function on the settings update handler. This makes it possible for unauthenticated attackers t...

4.3CVSS0.0014EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/21 3:26 a.m.30 views

CVE-2026-3332 Xhanch - My Advanced Settings <= 1.1.2 - Cross-Site Request Forgery to Settings Update

The Xhanch - My Advanced Settings plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing nonce validation in the xmssetting function on the settings update handler. This makes it possible for unauthenticated attackers t...

4.3CVSS0.0014EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/21 3:26 a.m.3 views

CVE-2026-3332

The Xhanch - My Advanced Settings plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing nonce validation in the xmssetting function on the settings update handler. This makes it possible for unauthenticated attackers t...

4.3CVSS5.7AI score0.0014EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/21 12:0 a.m.8 views

PT-2026-26848

The Xhanch - My Advanced Settings plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing nonce validation in the xms setting function on the settings update handler. This makes it possible for unauthenticated attackers ...

4.3CVSS5.7AI score0.0014EPSS
Exploits0References4
Rows per page
Query Builder