Search
Search Results (3 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-12540 | 2 Sharethis, Wordpress | 2 Dashboard For Google Analytics, Wordpress | 2026-01-08 | 4.7 Medium |
| The ShareThis Dashboard for Google Analytics plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.4. This is due to the Google Analytics client_ID and client_secret being stored in plaintext in the publicly visible plugin source. This can allow unauthenticated attackers to craft a link to the sharethis.com server, which will share an authorization token for Google Analytics with a malicious website, if the attacker can trick an administrator logged into the website and Google Analytics to click the link. | ||||
| CVE-2025-1507 | 1 Sharethis | 1 Dashboard For Google Analytics | 2025-03-27 | 5.3 Medium |
| The ShareThis Dashboard for Google Analytics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_actions() function in all versions up to, and including, 3.2.1. This makes it possible for unauthenticated attackers to disable all features. | ||||
| CVE-2021-24438 | 1 Sharethis | 1 Dashboard For Google Analytics | 2024-11-21 | 6.1 Medium |
| The ShareThis Dashboard for Google Analytics WordPress plugin before 2.5.2 does not sanitise or escape the 'ga_action' parameter in the stats view before outputting it back in an attribute when the plugin is connected to a Google Analytics account, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator | ||||
Page 1 of 1.