Unauthorized Data Modification Vulnerability in HT Easy GA4 Plugin for WordPress
CVE-2024-1176

5.3MEDIUM

Key Information:

Vendor
Wordpress
Status
Ht Easy Ga4 – Google Analytics WordPress Plugin
Vendor
CVE Published:
13 March 2024

Summary

The HT Easy GA4 – Google Analytics WordPress Plugin for WordPress allows unauthenticated attackers to exploit a missing capability check in the login() function. This vulnerability enables attackers to modify the email settings linked to the plugin, posing significant risks for data integrity and user privacy. The issue is present in all versions up to and including version 1.1.5, highlighting the need for timely updates and security measures.

Affected Version(s)

HT Easy GA4 – Google Analytics WordPress Plugin * <= 1.1.5

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/ht-easy-google...

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Francesco Carlucci
.