CVE-2024-1176 MEDIUM

CVE-2024-1176: HT Easy GA4 – Google Analytics WordPress Plugin <= 1.1.5 - Missing Authorization to Unauthenticated GA4 Email Update

Vendor Htplugins
Product HT Easy GA4 – Google Analytics WordPress Plugin
Weakness CWE-862 · Missing authorization
Published March 13, 2024
Last update April 8, 2026
View on NVD All CVEs

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

The HT Easy GA4 – Google Analytics WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the login() function in all versions up to, and including, 1.1.5. This makes it possible for unauthenticated attackers to update the email associated through the plugin with GA4.

Key dates

02Disclosure timeline

March 13, 2024 CVE published
April 8, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-32951 WordPress Max Addons Pro for Bricks plugin <= 1.6.1 - Unauthenticated Plugin Settings Reset vulnerability CVE-2025-62909 WordPress Smart WeTransfer plugin <= 1.3 - Broken Access Control vulnerability CVE-2023-49757 WordPress Awesome Support plugin <= 6.1.10 - Broken Access Control + CSRF vulnerability CVE-2024-6180 EventON <= 2.2.15 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting and Plugin Settings Updates CVE-2024-10664 Knowledge Base documentation & wiki plugin – BasePress Docs <= 2.16.3.3 - Missing Authorization to Authenticated (Subscriber+) Database Update