cvebase

Smub Exactmetrics Google Analytics Dashboard For Wordpress vulnerabilities

4 known vulnerabilities affecting smub/exactmetrics_google_analytics_dashboard_for_wordpress.

Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 3, MEDIUM 1

Vulnerabilities

CVE-2026-1992 | P2 | HIGH | CVSS 8.8 | ≥ 8.0.0, ≤ 9.0.2 | 2026-03-11
[HIGH] CWE-639: The ExactMetrics – Google Analytics Dashboard for WordPress plugin is vulnerable to Insecure Direct Object Reference in versions 8.6.0 through 9.0.2. This is due to the `store_settings()` method in the `ExactMetrics_Onboarding` class accepting a user-supplied `triggered_by` parameter that is used instead of the current user's ID to check permissions. Thi
Source: nvd
CVE-2026-1993 | P3 | HIGH | CVSS 8.8 | ≥ 7.1.0, ≤ 9.0.2 | 2026-03-11
[HIGH] CWE-269: The ExactMetrics – Google Analytics Dashboard for WordPress plugin is vulnerable to Improper Privilege Management in versions 7.1.0 through 9.0.2. This is due to the `update_settings()` function accepting arbitrary plugin setting names without a whitelist of allowed settings. This makes it possible for authenticated attackers with the `exactmetrics_save
Source: nvd
CVE-2026-5464 | P3 | HIGH | CVSS 7.2 | ≤ 9.1.2 | 2026-04-23
[HIGH] CWE-862: The ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation in all versions up to, and including, 9.1.2. This is due to the reports page exposing the 'onboarding_key' transient to any user with the 'exactmetrics_view_dashboard' capabili
Source: nvd
CVE-2026-5488 | P4 | MEDIUM | CVSS 5.3 | ≤ 9.1.2 | 2026-04-24
[MEDIUM] CWE-862: The ExactMetrics – Google Analytics Dashboard for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 9.1.2. This is due to missing capability checks in the get_ads_access_token() and reset_experience() AJAX handlers. While the mi-admin-nonce is localized on all admin pages (including profile.php which
Source: nvd