WordPress Plugin Vulnerabilities

Google Analyticator <= 6.4.9.3 - Cross-Site Request Forgery (CSRF)

Description

The Google Analyticator WordPress plugin was affected by a Cross-Site Request Forgery (CSRF) security vulnerability.

Affects Plugins

Plugin icon
google-analyticator
Fixed in 6.4.9.4

References

CVE
CVE-2015-4697
URL
https://packetstormsecurity.com/files/#132384/
URL
https://seclists.org/fulldisclosure/2015/Jun/57
URL
https://plugins.trac.wordpress.org/changeset/1183563

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
8.8 (high)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
ebcbfe6d-26d2-4d66-86ba-eb75470197ea

Timeline

Publicly Published
2015-06-19 (about 10 years ago)
Added
2015-06-21 (about 10 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2015-08-21
Title
WP Google Map Plugin < 2.3.10 - Multiple CSRF
Published
2025-10-02
Title
Attractive Donations System - Easy Stripe & Paypal donations <= 1.25 - Cross-Site Request Forgery
Published
2024-06-13
Title
Schema App Structured Data < 2.2.1 - Cross-Site Request Forgery
Published
2023-07-05
Title
ShopLentor < 2.6.3 - Settings Update via CSRF
Published
2025-01-16
Title
WP-BlackCheck <= 2.7.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting