CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
What the vulnerability does
The Smarter Analytics plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.0. This is due to missing authentication and capability checks on the configuration reset functionality in the global scope of smarter-analytics.php. This makes it possible for unauthenticated attackers to reset all plugin configuration and delete all per-page/per-post analytics settings via the 'reset' parameter.
Explanation of Vulnerability in Simple Terms
Smarter Analytics versions 2.0 and earlier lack proper authorization checks, allowing unauthenticated attackers to modify data on the site. The vulnerability requires no user interaction and can be exploited over the network. Site administrators should update to a version newer than 2.0 as soon as possible.
What an attacker can do
Modify data on the site without authentication.
Potential impact on your site
Unauthorized users can alter site data, potentially affecting content integrity and user trust.
Conditions required to exploit
Network access only; no authentication or user interaction required.
Key dates
External resources
Related vulnerabilities
