Wp Search Analytics
Monthly
Missing authorization in the WP Search Analytics WordPress plugin (versions before 1.5.0) allows unauthenticated remote attackers to bypass access controls and perform unauthorized write operations against affected WordPress installations. Reported by Patchstack and tracked as EUVD-2026-31761, this broken access control issue (CWE-862) carries a medium CVSS score of 5.3 with no confidentiality or availability impact - only limited integrity impact. No public exploit has been identified and no active exploitation is confirmed, with EPSS placing exploitation probability at 0.03% (8th percentile), making this a low real-world priority despite being automatable per SSVC.
The WP Search Analytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Missing authorization in the WP Search Analytics WordPress plugin (versions before 1.5.0) allows unauthenticated remote attackers to bypass access controls and perform unauthorized write operations against affected WordPress installations. Reported by Patchstack and tracked as EUVD-2026-31761, this broken access control issue (CWE-862) carries a medium CVSS score of 5.3 with no confidentiality or availability impact - only limited integrity impact. No public exploit has been identified and no active exploitation is confirmed, with EPSS placing exploitation probability at 0.03% (8th percentile), making this a low real-world priority despite being automatable per SSVC.
The WP Search Analytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.