WordPress Plugin Vulnerabilities

Analytify < 4.2.1 - Reflected Cross-Site Scripting

Description

The plugin does not escape the current URL before outputting it back in a 404 page when the 404 tracking feature is enabled, leading to Reflected Cross-Site Scripting

Proof of Concept

Affects Plugins

Plugin icon
wp-analytify
Fixed in 4.2.1

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
4.7 (medium)

Miscellaneous

Original Researcher
WPScanTeam
Verified
Yes
WPVDB ID
b8415ed5-6fd0-42fe-9201-73686c1871c5

Timeline

Publicly Published
2022-06-20 (about 3 years ago)
Added
2022-06-20 (about 3 years ago)
Last Updated
2022-06-20 (about 3 years ago)

Other

Published
Title
Published
2022-05-06
Title
wpDataTables < 2.1.28 - Admin+ Stored Cross-Site Scripting
Published
2025-04-01
Title
WPSHARE247 Elementor Addons <= 2.5 - Contributor+ Stored XSS
Published
2021-03-24
Title
MapifyLite & MapifyPro < 4.0.0 - Authenticated Stored Cross-Site Scripting (XSS)
Published
2023-01-25
Title
Opening Hours <= 2.3.0 - Contributor+ Stored XSS via Shortcode
Published
2025-11-26
Title
Simple Folio < 1.1.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting