Cross-Site Request Forgery Vulnerability in Universal Analytics Injector by Niklas Olsson
CVE-2025-23483
7.1HIGH
Key Information:
- Vendor
- WordPress
- Vendor
- CVE Published:
- 16 January 2025
Summary
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Universal Analytics Injector plugin by Niklas Olsson, allowing attackers to trigger actions that result in Stored Cross-Site Scripting (XSS). This issue compromises the security of websites utilizing versions from n/a to 1.0.3, potentially enabling unauthorized users to inject malicious scripts, which can lead to data theft and unauthorized access.
Affected Version(s)
Universal Analytics Injector <= 1.0.3
References
CVSS V3.1
Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
SOPROBRO (Patchstack Alliance)