PT-2026-1586 · WordPress · Sharethis Dashboard For Google Analytics

Ifoundbug · Published 2026-01-07 · Updated 2026-01-07 · CVE-2025-12540

CVSS v3.1: 4.7 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

ShareThis Dashboard for Google Analytics plugin for WordPress versions through 3.2.4

Description

The plugin is susceptible to Sensitive Information Exposure. The Google Analytics client ID and client secret are stored in plaintext within the publicly accessible plugin source code. An unauthenticated attacker could potentially create a link to the sharethis.com server. If an administrator, logged into the website and Google Analytics, clicks this link, it could share a Google Analytics authorization token with a malicious website.

Recommendations

Update to a version beyond 3.2.4.

Fix

Information Disclosure

Weakness Enumeration

Related identifiers

CVE-2025-12540

Affected products

Sharethis Dashboard For Google Analytics