CVE-2024-1809

Published May 2, 2024

Last updated 9 months ago

CVSS medium 5.4

Overview

Description
The Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on AJAX functions in combination with nonce leakage in all versions up to, and including, 5.2.3. This makes it possible for authenticated attackers, with subscriber access and higher, to obtain certain sensitive information related to plugin settings.
Source
security@wordfence.com
NVD status
Analyzed
Products
analytify_-_google_analytics_dashboard

Risk scores

CVSS 3.1

Type
Secondary
Base score
5.4
Impact score
2.5
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Severity
MEDIUM

Weaknesses

nvd@nist.gov
CWE-862

Social media

Hype score
Not currently trending

Configurations

Related CVEs

  1. Missing Authorization vulnerability in Adnan Analytify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Analytify: from n/a through 5.5.1.CVE-2025-30897
  2. Missing Authorization vulnerability in Adnan Analytify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Analytify: from n/a through 5.5.0.CVE-2025-26773
  3. Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Analytify.This issue affects Analytify: from n/a through 5.4.3.CVE-2024-53814
  4. Cross-Site Request Forgery (CSRF) vulnerability in Analytify.This issue affects Analytify: from n/a through 5.3.1.CVE-2024-43265
  5. Cross-Site Request Forgery (CSRF) vulnerability in Analytify.This issue affects Analytify: from n/a through 5.2.3.CVE-2024-35689

References

Sources include official advisories and independent security research.