CVE-2025-63063

Missing Authorization vulnerability in Yandex Metrika Yandex.Metrica wp-yandex-metrika allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Yandex.Metrica: from n/a through = 1.2.2...

CVE-2024-6462

The DL Yandex Metrika WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-6462 DL Yandex Metrika <= 1.2 - Admin+ Stored XSS

The DL Yandex Metrika WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-54420 WordPress Metrika plugin <= 1.2 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in Aleksander Novikov Metrika allows Cross Site Request Forgery.This issue affects Metrika: from n/a through 1.2...

CVE-2024-54420

CVE-2024-54420 documents confirm a CSRF vulnerability in the WordPress plugin Metrika (Aleksander Novikov) that can enable a stored Cross‑Site Scripting (XSS) condition. Affected software is listed as Metrika up to version 1.2 . The connected sources explicitly describe the issue type and affecte...