Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in Analytify – Google Analytics Dashboard For WordPress 4.2.3

  • Severity: medium-risk
  • Status: Fixed
  • Publication: January 3, 2023

The Analytify plugin for WordPress has a security issue in versions up to and including 4.2.3. This issue makes it possible for unauthenticated attackers to log out an associated Google Analytics account. This can be done either by the attacker themself or by sending a false request that tricks a site administrator into clicking a link or taking some other action. This is possible because the plugin does not use nonce validation or check capabilities on the logout() function.

Detected in:

Analytify – Google Analytics Dashboard For WordPress fixed vulnerable versions: >= * <= 4.2.3
Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) fixed vulnerable versions:
Analytify – Google Analytics Dashboard For WordPress (GA4 made easy) fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.