Unauthorized Data Access and Modification in Google Analytics Dashboard for WordPress by MonsterInsights
CVE-2026-5371

7.1 HIGH

What is CVE-2026-5371?

The MonsterInsights plugin for WordPress is missing capability checks on the get_ads_access_token() and reset_experience() functions. As a result, authenticated users with Subscriber-level access and above can gain unauthorized access to live Google OAuth access tokens and manipulate the Google Ads integration features. This could lead to serious privacy concerns and data integrity issues for users relying on the plugin for their analytics needs. Developers and site administrators should update to the latest version to mitigate these risks.

Affected Version(s)

MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy): versions 0 through 10.1.2 (inclusive)

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Dmitrii Ignatyev