2 matches found
CVE-2021-25020
CVE-2021-25020 affects the WordPress plugin “CAOS | Host Google Analytics Locally” (versions prior to 4.1.9). The vulnerability arises because the plugin does not validate the cache directory setting, enabling high-privilege users to perform a path traversal during uninstall and delete arbitrary ...
CVE-2023-6637
CVE-2023-6637 affects the CAOS | Host Google Analytics Locally WordPress plugin. A missing capability check in the update_settings function (vulnerable through 4.7.14) allows unauthenticated attackers to modify plugin settings. The issue originates from broken access control in updating settings,...