Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-1176

The HT Easy GA4 – Google Analytics WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the login() function in all versions up to, and including, 1.1.5. This makes it possible for unauthenticated attackers to update the email associated through the plugin with GA4.

Published

2024-03-13T16:15:17.933

Last Modified

2025-03-12T13:19:30.843

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

Weaknesses

Type: Primary
CWE-862

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	hasthemes	ht_easy_ga4	< 1.2.0	Yes

References

https://plugins.trac.wordpress.org/browser/ht-easy-google-analytics/trunk/includes/class.ht-easy-ga4.php#L99 Product ([email protected])
https://www.wordfence.com/threat-intel/vulnerabilities/id/10e1b3ac-f002-4108-9682-5fe300f07adb?source=cve Third Party Advisory ([email protected])
https://plugins.trac.wordpress.org/browser/ht-easy-google-analytics/trunk/includes/class.ht-easy-ga4.php#L99 Product (af854a3a-2127-422b-91ae-364da2661108)
https://www.wordfence.com/threat-intel/vulnerabilities/id/10e1b3ac-f002-4108-9682-5fe300f07adb?source=cve Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)