The CAOS | Host Google Analytics Locally plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_settings' function in versions up to, and including, 4.7.14. This makes it possible for unauthenticated attackers to update plugin settings.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-01-11T08:32:35.681Z
Updated: 2024-08-02T08:35:14.866Z
Reserved: 2023-12-08T19:40:32.987Z
Link: CVE-2023-6637
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2024-01-11T09:15:50.753
Modified: 2024-01-18T17:09:32.967
Link: CVE-2023-6637
Redhat
No data.