Arbitrary Script Execution Vulnerability in Google Analytics Made Easy Plugin
CVE-2024-12072
Key Information:
- Vendor: WordPress
- CVE Published: 12 December 2024
Summary
The Analytics Cat plugin for WordPress, which facilitates easy integration with Google Analytics, is affected by a reflected cross-site scripting vulnerability. The flaw arises because the plugin uses the add_query_arg function on the URL without adequate escaping. As a result, an attacker can craft a link that, once a user is tricked into following it, executes arbitrary scripts in that user's browser. Exploitation requires no authentication, allowing attackers to potentially manipulate user interactions and gain access to sensitive data or perform unwanted actions. It is critical for users of this plugin to apply any available security patches and remain vigilant against phishing attempts that could exploit this vulnerability.
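An audit check for the pattern described above, as an added example (not code from the plugin or from this advisory): it flags PHP lines that print the result of add_query_arg() or remove_query_arg() without an enclosing esc_url() call. The SAMPLE lines are constructed for illustration, and the line-based matching is a heuristic that assumes each output statement sits on one line.

```python
import re

# WordPress URL builders that fall back to the current request URI when no URL is passed.
CALL = re.compile(r"\b(?:add|remove)_query_arg\s*\(")
# Constructs that write their argument into the HTML response.
OUTPUT = re.compile(r"<\?=|\b(?:echo|print|printf)\b")
# Either "name(" (function call opens) or ")" (innermost call closes).
TOKEN = re.compile(r"([A-Za-z_]\w*)?\s*(\()|(\))")

def enclosing_calls(prefix):
    """Return the names of the function calls still open at the end of prefix."""
    stack = []
    for m in TOKEN.finditer(prefix):
        if m.group(2):
            stack.append(m.group(1) or "")
        elif stack:
            stack.pop()
    return stack

def scan(php_source):
    """Return (line_number, line) for output lines with an unescaped query-arg URL."""
    findings = []
    for no, line in enumerate(php_source.splitlines(), 1):
        if not OUTPUT.search(line):
            continue  # assignments are not output; review where the value is printed
        for m in CALL.finditer(line):
            # Safe only if esc_url( is still open around the call, not merely nearby.
            if "esc_url" not in enclosing_calls(line[:m.start()]):
                findings.append((no, line.strip()))
                break
    return findings

# Constructed sample template lines (not taken from the Analytics Cat source).
SAMPLE = '''\
<a href="<?php echo add_query_arg( 'tab', 'settings' ); ?>">Settings</a>
<a href="<?php echo esc_url( add_query_arg( 'tab', 'settings' ) ); ?>">Settings</a>
<form action="<?= remove_query_arg( 'updated' ) ?>" method="post">
<?php printf( '<a href="%s">Back</a>', esc_url( remove_query_arg( 'step' ) ) ); ?>
<?php echo esc_html( $title ) . add_query_arg( array( 'page' => 'x' ) ); ?>
<?php $redirect = add_query_arg( 'done', '1' ); ?>
'''

if __name__ == "__main__":
    for no, line in scan(SAMPLE):
        print(f"line {no}: unescaped URL output: {line}")
```

Each flagged line is fixed by wrapping the call in esc_url() at the point of output, as sample lines 2 and 4 do.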
Affected Version(s)
Analytics Cat – Google Analytics Made Easy * <= 1.1.2