CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Description (NVD)
The ExactMetrics - Google Analytics Dashboard for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 9.1.2. This is due to missing capability checks in the get_ads_access_token() and reset_experience() AJAX handlers. While the mi-admin-nonce is localized on all admin pages (including profile.php which subscribers can access), and while other similar AJAX endpoints in the same class properly check for the exactmetrics_save_settings capability, these two endpoints only verify the nonce. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve valid Google Ads access tokens and reset Google Ads integration settings.
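The root cause described above is an authorization check that is absent rather than wrong: the handler verifies a nonce, which only proves the request originated from a page where `mi-admin-nonce` was localized (and that includes profile.php, which subscribers can open), but never asks whether the caller is allowed to perform the action. The following is an added illustration, not code from ExactMetrics or from the advisory sources, of that pattern beside its fixed form. The function names, the action name and the option name are hypothetical placeholders; only the nonce name `mi-admin-nonce` and the capability `exactmetrics_save_settings` come from the description.

```php
<?php
// Added illustration, not the plugin's own code. Function, action and option
// names are hypothetical placeholders chosen for this example.

// Vulnerable pattern: nonce only. check_ajax_referer() defends against CSRF
// (it dies if the nonce is missing or invalid), but the nonce is available to
// any logged-in user who can load an admin page that localizes it, so every
// authenticated role, subscribers included, passes this check.
function example_vulnerable_get_ads_access_token() {
    check_ajax_referer( 'mi-admin-nonce', 'nonce' );

    // Any authenticated user reaches this point.
    $token = get_option( 'example_google_ads_access_token', '' ); // hypothetical option
    wp_send_json_success( array( 'token' => $token ) );
}

// Hardened pattern: nonce AND capability. This is the check the description
// says the sibling endpoints in the same class already perform.
function example_hardened_get_ads_access_token() {
    check_ajax_referer( 'mi-admin-nonce', 'nonce' );

    if ( ! current_user_can( 'exactmetrics_save_settings' ) ) {
        // wp_send_json_error() terminates the request, so nothing below runs.
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    $token = get_option( 'example_google_ads_access_token', '' ); // hypothetical option
    wp_send_json_success( array( 'token' => $token ) );
}

// Register only the hardened handler. Note that the wp_ajax_{action} hook
// already restricts the endpoint to logged-in users; it says nothing about
// which role the user has, so it is not a substitute for current_user_can().
add_action( 'wp_ajax_example_get_ads_access_token', 'example_hardened_get_ads_access_token' );
```

When reviewing a plugin for this class of issue, the useful audit question is not "does the handler verify a nonce" but "does every `wp_ajax_*` callback that reads secrets or changes settings call `current_user_can()` with a capability that ordinary roles do not hold". Consistency across the handlers in one class, as the description notes for this plugin, is a quick way to spot the outlier.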
Analysis (AI)
ExactMetrics Google Analytics Dashboard for WordPress versions up to 9.1.2 allow authenticated subscribers to retrieve Google Ads access tokens and reset Google Ads integration settings through missing authorization checks in AJAX handlers. Although a nonce is verified, two AJAX endpoints (get_ads_access_token and reset_experience) lack the capability checks present in similar endpoints, enabling attackers with subscriber-level access to perform administrative actions. …
EUVD-2026-25393
GHSA-36m8-qf73-626j