CVE-2025-30897 - Vulnerability Details

- WordPress Analytify plugin <= 5.5.1 - Settings Change vulnerability

Description

Missing Authorization vulnerability in Adnan Analytify wp-analytify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Analytify: from n/a through <= 5.5.1.

Published: 2025-03-27

Score: 4.3 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The WordPress Analytify plugin has a missing authorization flaw that permits a user to modify its settings without the proper privilege. Labeled as CWE‑862, the vulnerability allows an authenticated user to change analytics configuration, potentially leading to incorrect tracking or exposing private information through misconfigured reports.

Affected Systems

The flaw affects the Adnan:Analytify WordPress plugin across all releases up to and including version 5.5.1. No specific sub‑minor versions are indicated beyond the <=5.5.1 boundary.

Risk and Exploitability

The CVSS score of 4.3 indicates moderate risk, while the EPSS score of less than 1 % suggests a low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. An attacker would need to be authenticated to the WordPress site but does not require elevated privileges; they can then access the plugin’s settings page and alter its configuration, making this a relatively low‑barrier, locally or remotely authenticated attack.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Adnan

Analytify

unaffected

Version	Status	Constraints
`0`	affected	≤ 5.5.1

Configuration 1 [-]

cpe:2.3:a:analytify:analytify_-_google_analytics_dashboard:*:*:*:*:*:wordpress:*:*

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the Analytify plugin to the latest version that resolves the missing authorization flaw.
If an immediate upgrade is not feasible, limit access to the plugin’s settings page to administrator roles only, using a role‑management plugin or custom code.
Verify that no non‑admin users have permissions to view or edit Analytify configuration and remove any such privileges.

Generated by OpenCVE AI on May 1, 2026 at 03:42 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2025-8300	Missing Authorization vulnerability in Adnan Analytify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Analytify: from n/a through 5.5.1.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0037.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://patchstack.com/database/Wordpress/Plugin/wp-analytify/vulnerability/wordpress-analytify-plugin-5-5-1-settings-change-vulnerability?_s_id=cve

History

Thu, 23 Apr 2026 15:00:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}`

Wed, 01 Apr 2026 23:45:00 +0000

Type	Values Removed	Values Added
Description	Missing Authorization vulnerability in Adnan Analytify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Analytify: from n/a through 5.5.1.	Missing Authorization vulnerability in Adnan Analytify wp-analytify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Analytify: from n/a through <= 5.5.1.
References	https://patchstack.com/database/wordpress/plugin/wp-analytify/vulnerability/wordpress-analytify-plugin-5-5-1-settings-change-vulnerability?_s_id=cve	https://patchstack.com/database/Wordpress/Plugin/wp-analytify/vulnerability/wordpress-analytify-plugin-5-5-1-settings-change-vulnerability?_s_id=cve
Metrics	cvssV3_1 `{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}`

Mon, 09 Jun 2025 19:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Analytify Analytify analytify - Google Analytics Dashboard
CPEs		cpe:2.3:a:analytify:analytify_-_google_analytics_dashboard::::::wordpress::*
Vendors & Products		Analytify Analytify analytify - Google Analytics Dashboard

Thu, 27 Mar 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 27 Mar 2025 11:00:00 +0000

Type	Values Removed	Values Added
Description		Missing Authorization vulnerability in Adnan Analytify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Analytify: from n/a through 5.5.1.
Title		WordPress Analytify plugin <= 5.5.1 - Settings Change vulnerability
Weaknesses		CWE-862
References		https://patchstack.com/database/wordpress/plugin/wp-analytify/vulnerability/wordpress-analytify-plugin-5-5-1-settings-change-vulnerability?_s_id=cve
Metrics		cvssV3_1 `{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}`

Subscriptions

Analytify Analytify - Google Analytics Dashboard

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2025-03-27T10:55:48.251Z

Updated: 2026-04-28T16:11:59.960Z

Reserved: 2025-03-26T09:21:31.390Z

Link: CVE-2025-30897

Vulnrichment

Updated: 2025-03-27T19:32:07.508Z

NVD

Status : Modified

Published: 2025-03-27T11:15:50.777

Modified: 2026-04-23T15:27:17.173

Link: CVE-2025-30897

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T03:45:07Z

Weaknesses

CWE-862

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object