| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-5488 | ExactMetrics <= 9.1.2 - Authenticated (Subscriber+) Missing Authorization to Google Ads Access Token Retrieval via AJAX Action 'exactmetrics_ads_get_token' | smub | ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) | Medium | 5.3 | 2026-04-24 03:27:06 | Deep Dive |
| CVE-2026-5464 | ExactMetrics <= 9.1.2 - Authenticated (Editor+) Arbitrary Plugin Installation/Activation via exactmetrics_connect_process | smub | ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) | High | 7.2 | 2026-04-23 08:28:26 | Deep Dive |
| CVE-2026-5231 | WP Statistics <= 14.16.4 - Unauthenticated Stored Cross-Site Scripting via 'utm_source' Parameter | veronalabs | WP Statistics – Simple, privacy-friendly Google Analytics alternative | High | 7.2 | 2026-04-17 01:24:38 | Deep Dive |
| CVE-2026-3488 | WP Statistics <= 14.16.4 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure and Privacy Audit Manipulation | veronalabs | WP Statistics – Simple, privacy-friendly Google Analytics alternative | Medium | 6.5 | 2026-04-17 01:24:38 | Deep Dive |
| CVE-2026-34261 | Missing Authorization check in SAP Business Analytics and SAP Content Management | SAP_SE | SAP Business Analytics and SAP Content Management | Medium | 6.5 | 2026-04-14 00:08:51 | Deep Dive |
| CVE-2026-3529 | Google Analytics GA4 - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-024 | Drupal | Google Analytics GA4 | - | - | 2026-03-26 20:03:29 | Deep Dive |
| CVE-2026-2072 | Cross-Site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer | Hitachi | Hitachi Infrastructure Analytics Advisor | High | 8.2 | 2026-03-25 02:15:44 | Deep Dive |
| CVE-2026-3570 | Smarter Analytics <= 2.0 - Missing Authorization to Unauthenticated Plugin Settings Reset via 'reset' Parameter | acumenconsulting | Smarter Analytics | Medium | 5.3 | 2026-03-21 03:26:30 | Deep Dive |
| CVE-2026-1238 | SlimStat Analytics <= 5.3.5 - Unauthenticated Stored Cross-Site Scripting via 'fh' | veronalabs | SlimStat Analytics | High | 7.2 | 2026-03-19 04:27:30 | Deep Dive |
| CVE-2026-1267 | IBM Planning Analytics Information Disclosure | IBM | Planning Analytics Local | Medium | 6.5 | 2026-03-17 21:50:25 | Deep Dive |
| CVE-2025-14806 | IBM Planning Analytics Information Disclosure | IBM | Planning Analytics Local | Medium | 5.7 | 2026-03-17 21:50:22 | Deep Dive |
| CVE-2026-1992 | ExactMetrics 8.6.0 - 9.0.2 - Authenticated (Custom) Insecure Direct Object Reference to Arbitrary Plugin Installation | smub | ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) | High | 8.8 | 2026-03-11 09:25:43 | Deep Dive |
| CVE-2026-1993 | ExactMetrics 7.1.0 - 9.0.2 - Authenticated (Custom) Improper Privilege Management to Role Privilege Escalation via Settings Update | smub | ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) | High | 8.8 | 2026-03-11 09:25:42 | Deep Dive |
| CVE-2025-36105 | IBM Planning Analytics Advanced Certified Containers is vulnerable to a sensitive information disclosure vulnerability | IBM | Planning Analytics Advanced Certified Containers | Medium | 4.4 | 2026-03-10 00:50:06 | Deep Dive |
| CVE-2025-11158 | Hitachi Vantara Pentaho Data Integration & Analytics - Missing Authorization | Hitachi Vantara | Pentaho Data Integration and Analytics | Critical | 9.1 | 2026-03-09 22:12:52 | Deep Dive |
| CVE-2025-69323 | WordPress Slimstat Analytics plugin <= 5.3.2 - Reflected Cross Site Scripting (XSS) vulnerability | VeronaLabs | Slimstat Analytics | - | - | 2026-02-20 15:46:49 | Deep Dive |
| CVE-2025-68028 | WordPress GA4WP: Google Analytics for WordPress plugin <= 2.10.0 - Broken Access Control vulnerability | Passionate Brains | GA4WP: Google Analytics for WordPress | Medium | 6.5 | 2026-02-20 15:46:36 | Deep Dive |
| CVE-2025-68032 | WordPress Advanced WC Analytics plugin <= 3.19.0 - Settings Change vulnerability | Passionate Brains | Advanced WC Analytics | Medium | 6.5 | 2026-02-20 15:46:36 | Deep Dive |
| CVE-2025-13431 | SlimStat Analytics <= 5.3.1 - Authenticated (Subscriber+) SQL Injection via `args` Parameter | veronalabs | SlimStat Analytics | Medium | 6.5 | 2026-02-11 01:23:35 | Deep Dive |
| CVE-2024-40685 | IBM Operations Analytics - Log Analysis is affected by CSRF Token Replay Attack | IBM | Operations Analytics - Log Analysis | Medium | 4.3 | 2026-02-04 21:12:47 | Deep Dive |