EUVD-2026-14015
GHSA-294q-4m4m-vwq9
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
3Description
The Smarter Analytics plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.0. This is due to missing authentication and capability checks on the configuration reset functionality in the global scope of smarter-analytics.php. This makes it possible for unauthenticated attackers to reset all plugin configuration and delete all per-page/per-post analytics settings via the 'reset' parameter.
Analysis
The Smarter Analytics WordPress plugin (all versions up to 2.0) contains an authentication bypass vulnerability that allows unauthenticated attackers to reset plugin configuration and delete all analytics settings via the 'reset' parameter in the global scope of smarter-analytics.php. This is a missing authentication and capability check vulnerability (CWE-862) with a CVSS score of 5.3, classified as moderate severity with low attack complexity and no authentication required. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 30 days: Identify affected systems running for WordPress is vulnerable to unauthorized access in all and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today