| CVE-2025-32282 | WordPress ShareThis Dashboard for Google Analytics plugin <= 3.2.3 - Cross Site Request Forgery (CSRF) vulnerability | ShareThis | ShareThis Dashboard for Google Analytics | Medium | 4.3 | 2025-04-10 08:09:48 | Deep Dive |
| CVE-2025-1507 | ShareThis Dashboard for Google Analytics <= 3.2.1 - Missing Authorization to Unauthenticated Feature Deactivation | sharethis | ShareThis Dashboard for Google Analytics | Medium | 5.3 | 2025-03-14 08:23:04 | Deep Dive |
| CVE-2025-22515 | WordPress Show Google Analytics widget plugin <= 1.5.4 - Cross Site Scripting (XSS) vulnerability | Simon | Show Google Analytics widget | Medium | 6.5 | 2025-01-07 14:57:36 | Deep Dive |
| CVE-2024-12072 | Analytics Cat – Google Analytics Made Easy <= 1.1.2 - Reflected Cross-Site Scripting | fatcatapps | Analytics Cat – Google Analytics Made Easy | Medium | 6.1 | 2024-12-12 05:24:21 | Deep Dive |
| CVE-2023-23887 | WordPress Easy Google Analytics for WordPress plugin <= 1.6.0 - Broken Access Control vulnerability | Shahjada | Easy Google Analytics for WordPress | Medium | 5.3 | 2024-12-09 11:31:46 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-6288 | Conversios.io - All-in-one Google Analytics, Pixels and Product Feed Manager for WooCommerce <= 7.1.0 - Reflected Cross-Site Scripting | tatvic | Conversios: Google Analytics (GA4), Google Ads, Conversion and Analytics Tracking for Multi-Channels | Medium | 4.7 | 2024-06-28 06:57:47 | Deep Dive |
| CVE-2024-1809 | Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) <= 5.2.3 - Missing Authorization | hiddenpearls | Analytify – Google Analytics Dashboard For WordPress (GA4 analytics tracking) | Medium | 5.4 | 2024-05-02 16:52:16 | Deep Dive |
| CVE-2024-1584 | Analytify <= 5.2.1 - Missing Authorization to Unauthenticated Google Analytics Tracking ID Modification | hiddenpearls | Analytify – Google Analytics Dashboard For WordPress (GA4 analytics tracking) | Medium | 5.3 | 2024-05-02 16:51:55 | Deep Dive |
| CVE-2023-52220 | WordPress MonsterInsights plugin <= 8.21.0 - Broken Access Control vulnerability | MonsterInsights | Google Analytics by Monster Insights | Medium | 4.3 | 2024-04-25 09:33:37 | Deep Dive |
| CVE-2024-32145 | WordPress WP Google Analytics Events – No-Code Custom Event Tracking for Google Analytics plugin <= 2.8.0 - Reflected Cross-Site Scripting vulnerability | PineWise | WP Google Analytics Events | High | 7.1 | 2024-04-15 07:03:14 | Deep Dive |
| CVE-2022-45851 | WordPress ShareThis Dashboard for Google Analytics plugin <= 3.1.4 - Broken Access Control vulnerability | ShareThis | ShareThis Dashboard for Google Analytics | Medium | 5.4 | 2024-03-25 11:30:02 | Deep Dive |
| CVE-2024-29094 | WordPress HT Easy GA4 plugin <= 1.1.7 - Cross Site Scripting (XSS) vulnerability | HasThemes | HT Easy GA4 ( Google Analytics 4 ) | High | 7.1 | 2024-03-19 16:38:15 | Deep Dive |
| CVE-2024-1203 | Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce <= 7.0.7 - Authenticated (Subscriber+) SQL Injection | tatvic | Conversios: Google Analytics (GA4), Google Ads, Conversion and Analytics Tracking for Multi-Channels | High | 8.8 | 2024-03-13 15:26:59 | Deep Dive |
| CVE-2024-1176 | HT Easy GA4 – Google Analytics WordPress Plugin <= 1.1.5 - Missing Authorization to Unauthenticated GA4 Email Update | htplugins | HT Easy GA4 – Google Analytics WordPress Plugin | Medium | 5.3 | 2024-03-13 15:26:34 | Deep Dive |
| CVE-2024-0786 | Conversios <= 7.0.7 - Authenticated (Subscriber+) SQL Injection via ee_syncProductCategory | tatvic | Conversios: Google Analytics (GA4), Google Ads, Conversion and Analytics Tracking for Multi-Channels | High | 8.8 | 2024-02-28 08:33:13 | Deep Dive |
| CVE-2024-0250 | Analytics Insights for Google Analytics 4 < 6.3 - Open Redirect | Unknown | Analytics Insights for Google Analytics 4 (AIWP) | 中危 | - | 2024-02-12 16:05:58 | Deep Dive |
| CVE-2023-6637 | CAOS | Host Google Analytics Locally <= 4.7.14 - Missing Authorization to Unauthenticated Plugin Settings Update | daanvandenbergh | CAOS | Host Google Analytics Locally | Medium | 6.5 | 2024-01-11 08:32:36 | Deep Dive |
| CVE-2023-46094 | WordPress Conversios.io Plugin <= 6.5.3 is vulnerable to Cross Site Scripting (XSS) | Conversios | Track Google Analytics 4, Facebook Pixel & Conversions API via Google Tag Manager for WooCommerce | High | 7.1 | 2023-10-26 12:18:46 | Deep Dive |
| CVE-2023-23651 | WordPress MainWP Google Analytics Extension Plugin <= 4.0.4 - SQL Injection vulnerability | MainWP | MainWP Google Analytics Extension | High | 8.5 | 2023-10-12 11:26:04 | Deep Dive |