WordPress Plugin Vulnerabilities

Analytify < 5.5.0 - Missing Authorization

Description

The Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 5.4.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action.

Affects Plugins

Plugin icon
wp-analytify
Fixed in 5.5.0

References

CVE
CVE-2024-53814
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/b452fcc8-1359-439c-a255-91054c83d6aa

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Trương Hữu Phúc (truonghuuphuc)
Verified
No
WPVDB ID
3c424be8-13d4-4e08-9dc0-5a77ad631367

Timeline

Publicly Published
2024-12-02 (about 1 year ago)
Added
2024-12-11 (about 1 year ago)
Last Updated
2024-12-11 (about 1 year ago)

Other

Published
Title
Published
2024-08-12
Title
Backup and Restore WordPress <= 1.50 - Missing Authorization
Published
2022-02-15
Title
Relevanssi - Subscriber+ Unauthorised AJAX Calls
Published
2026-02-09
Title
Atarim < 4.2.2 - Missing Authorization
Published
2025-01-24
Title
Gutenberg Blocks by Kadence Blocks < 3.3.2 - Missing Authorization
Published
2025-12-22
Title
Tablesome < 1.1.35.2 - Missing Authorization