WordPress Plugin Vulnerabilities

Lara Google Analytics < 2.0.5 - Authenticated Stored XSS

Description

An authenticated stored Cross-Site Scripting (XSS) vulnerability within the "Google Analytics – by Lara" WordPress plugin was found to be exploited in the wild by security vendor NinTechNet.

Affects Plugins

Plugin icon
lara-google-analytics
Fixed in 2.0.5

References

CVE
CVE-2020-20626
URL
https://blog.nintechnet.com/zero-day-vulnerability-exploited-in-wordpress-lara-google-analytics-plugin/
URL
https://plugins.trac.wordpress.org/changeset/2172592/lara-google-analytics

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
8.2 (high)

Miscellaneous

Original Researcher
NinTechNet
Verified
No
WPVDB ID
e17f46b0-715c-4499-9b38-c082f3d02775

Timeline

Publicly Published
2019-10-14 (about 6 years ago)
Added
2019-10-14 (about 6 years ago)
Last Updated
2020-09-01 (about 5 years ago)

Other

Published
Title
Published
2025-01-16
Title
Redux Converter <= 1.1.3.1 - Reflected Cross-Site Scripting
Published
2025-01-16
Title
EELV Newsletter <= 4.8.2 - Reflected Cross-Site Scripting
Published
2026-03-10
Title
Responsive Contact Form Builder & Lead Generation Plugin < 2.0.2 - Unauthenticated Stored Cross-Site Scripting
Published
2025-04-01
Title
Nova Blocks by Pixelgrade < 2.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-12-31
Title
Accessibility Press <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting