Design/Logic Flaw

The CAOS | Host Google Analytics Locally plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updatesettings' function in versions up to, and including, 4.7.14. This makes it possible for unauthenticated attackers to update plugin...

CVE-2021-25020

The CAOS | Host Google Analytics Locally WordPress plugin before 4.1.9 does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin...

Path traversal

The CAOS | Host Google Analytics Locally WordPress plugin before 4.1.9 does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin...

CVE-2021-25020

CVE-2021-25020 affects the WordPress plugin “CAOS | Host Google Analytics Locally” (versions prior to 4.1.9). The vulnerability arises because the plugin does not validate the cache directory setting, enabling high-privilege users to perform a path traversal during uninstall and delete arbitrary ...

WordPress CAOS | Host Google Analytics Locally plugin <= 4.1.8 - Arbitrary Folder Deletion via Path Traversal vulnerability

Arbitrary Folder Deletion via Path Traversal vulnerability discovered by José Aguilera in WordPress CAOS | Host Google Analytics Locally plugin versions = 4.1.8. Solution Update the WordPress CAOS | Host Google Analytics Locally plugin to the latest available version at least 4.1.9...