4 matches found
CVE-2022-3425
The CVE-2022-3425 issue affects the WordPress plugin The Analyticator (versions prior to 6.5.6). The vulnerability stems from unserializing user input in the plugin settings, which could let high-privilege users (e.g., administrators) perform PHP Object Injection when a suitable gadget is present...
CVE-2022-4323
CVE-2022-4323 concerns the WordPress plugin Analyticator (up to version 6.5.5; fixed in 6.5.6). The vulnerability arises because the plugin unserializes user input provided via the settings, which can enable PHP Object Injection when a suitable gadget is present. The issue can be triggered by hig...
CVE-2009-5158
The CVE-2009-5158 entry concerns the WordPress plugin google-analyticator, affected in versions prior to 5.2.1. The underlying issue is insufficient HTML sanitization of Google Analytics API text, which enables a cross-site scripting (XSS) vulnerability. Multiple connected sources (Red Hat, CNVD,...
CVE-2015-4697
The CVE-2015-4697 entry maps to a CSRF vulnerability in the WordPress Google Analyticator plugin. Affected product: Google Analyticator WordPress plugin (prior to version 6.4.9.3 revision @1183563 per CVE record; openvas entry also notes vulnerability in versions