Google Analytics Counter Tracker < 3.5.0 – Unauthenticated PHP Object Injection | Plugin Vulnerabilities

Affects Plugins

analytics-counter

Fixed in 3.5.0

References

URL

https://sumofpwn.nl/advisory/2016/google_analytics_counter_tracker_wordpress_plugin_unauthenticed_php_object_injection_vulnerability.html

URL

https://seclists.org/fulldisclosure/2016/Dec/38

URL

https://plugins.trac.wordpress.org/changeset/1536434/analytics-counter

URL

https://www.pluginvulnerabilities.com/2016/11/15/vulnerability-details-php-object-injection-vulnerability-in-google-analytics-counter-tracker/

Classification

Type

OBJECT INJECTION

OWASP top 10

A8: Insecure Deserialization

CWE

Miscellaneous

Submitter

ethicalhack3r

Submitter twitter

Verified

No

WPVDB ID

3c26e6b8-c718-403d-9911-94a7aa64a42a

Timeline

Publicly Published

2016-11-15 (about 9 years ago)

Added

2016-12-11 (about 9 years ago)

Last Updated

2019-11-01 (about 6 years ago)

Other

Published

Title

Published

2026-03-18

Title

SUMO Affiliates Pro < 11.4.0 - Unauthenticated PHP Object Injection

Published

2024-04-03

Title

Modal Popup Box – Popup Builder, Show Offers And News in Popup < 1.5.3 - Authenticated (Contributor+) PHP Object Injection in awl_modal_popup_box_shortcode

Published

2025-03-21

Title

ProfileGrid – User Profiles, Groups and Communities < 5.9.4.6 - Authenticated (Subscriber+) PHP Object Injection

Published

2026-03-20

Title

Vex < 1.2.9 - Authenticated (Subscriber+) PHP Object Injection

Published

2022-10-10

Title

PublishPress Capabilities < 2.5.2 - Admin+ PHP Objection Injection