Skip to main content

Plugin For Google Analytics By Io Technologies

1 CVEs product

Monthly

CVE-2026-8944 MEDIUM This Month

Cross-site request forgery in Plugin for Google Analytics by IO Technologies (WordPress) versions up to and including 1.1 allows unauthenticated remote attackers to overwrite the site's Google Analytics tracking ID by tricking a logged-in administrator into clicking a crafted link. The flaw stems from absent nonce validation on the ga.php settings handler, meaning forged POST requests bypass WordPress's standard CSRF protections entirely. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis, and the CVSS score of 4.3 reflects the required administrator interaction and limited integrity-only impact.

WordPress CSRF PHP Google Plugin For Google Analytics By Io Technologies
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site request forgery in Plugin for Google Analytics by IO Technologies (WordPress) versions up to and including 1.1 allows unauthenticated remote attackers to overwrite the site's Google Analytics tracking ID by tricking a logged-in administrator into clicking a crafted link. The flaw stems from absent nonce validation on the ga.php settings handler, meaning forged POST requests bypass WordPress's standard CSRF protections entirely. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis, and the CVSS score of 4.3 reflects the required administrator interaction and limited integrity-only impact.

WordPress CSRF PHP +2
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy