Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) < 5.2.4 – Missing Authorization | CVE 2024-1809 | Plugin Vulnerabilities

Description

The Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on AJAX functions in combination with nonce leakage. This makes it possible for authenticated attackers, with subscriber access and higher, to obtain certain sensitive information related to plugin settings.

Affects Plugins

Fixed in 5.2.4

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/7a659071-df11-4318-86c2-7881163c8b62

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Lucio Sá

Verified

No

WPVDB ID

0eaaf108-43aa-4c6c-8fd2-e5738b398d9b

Timeline

Publicly Published

2024-04-29 (about 2 years ago)

Added

2024-04-29 (about 2 years ago)

Last Updated

2024-04-29 (about 2 years ago)

Other

Published

Title

Published

2025-09-22

Title

Subresource Integrity (SRI) Manager <= 0.4.0 - Missing Authorization

Published

2025-11-03

Title

Crypto Payment Gateway with Payeer for WooCommerce <= 1.0.3 - Unauthenticated Payment Bypass

Published

2024-12-06

Title

SMS for Lead Capture Forms <= 1.1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Message Deletion

Published

2025-04-02

Title

Rich Text Editor <= 1.0.1 - Missing Authorization

Published

2025-08-10

Title

WebinarIgnition < 4.06.05 - Missing Authorization