WordPress HT Easy GA4 ( Google Analytics 4 ) Plugin <= 1.0.6 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-23802

8.8HIGH

Key Information:

Vendor: WordPress
Status: HT Easy GA4 ( Google Analytics 4 )
Vendor: CVE Published:; 15 June 2023

Summary

The HasThemes HT Easy GA4 plugin for WordPress suffers from a Cross-Site Request Forgery (CSRF) vulnerability, allowing attackers to trick authenticated users into executing undesirable actions on their behalf without consent. This security flaw affects versions up to 1.0.6 and poses significant risks for sites utilizing this plugin, potentially leading to unauthorized access or data manipulation. It's crucial for users to update to a patched version to safeguard their web applications.

Affected Version(s)

HT Easy GA4 ( Google Analytics 4 ) <= 1.0.6

References

https://patchstack.com/database/vulnerability/ht-easy-goo...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 15, 2023
Vulnerability Reserved
Jan 18, 2023

Credit

Lana Codes (Patchstack Alliance)