WordPress Plugin Vulnerabilities

Analytify Dashboard < 5.1.1 - Missing Authorization to Opt-In

Description

The Analytify Dashboard plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the optin_yes() function in versions up to, and including, 5.1.0. This makes it possible for authenticated attackers, with subscriber-level and above access, to optin the the plugin's tracking.

Affects Plugins

Plugin icon
wp-analytify
Fixed in 5.1.1

References

CVE
CVE-2023-41695
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/970b3a0f-c1cc-4d85-8271-a523ccdbcc39

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (Medium)

Miscellaneous

Original Researcher
Abdi Pranata
Verified
No
WPVDB ID
f3499eda-3d89-4fe2-9e26-0ba484f52a43

Timeline

Publicly Published
2023-09-05 (about 2 years ago)
Added
2023-11-24 (about 2 years ago)
Last Updated
2023-12-04 (about 2 years ago)

Other

Published
Title
Published
2025-09-05
Title
Media Author <= 1.0.4 - Missing Authorization
Published
2025-04-01
Title
Export All Post Meta <= 1.2.1 - Missing Authorization
Published
2024-08-09
Title
WP Search Analytics < 1.4.10 - Missing Authorization
Published
2024-04-25
Title
KB Support < 1.6.1 - Missing Authorization
Published
2025-04-09
Title
Rich Table of Contents < 1.4.1 - Missing Authorization