PT-2026-26860 · WordPress · Smarter Analytics
Phong Nguyen
·
Publicado
2026-03-21
·
Atualizado
2026-03-21
·
CVE-2026-3570
CVSS v3.1
5.3
Média
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Smarter Analytics plugin for WordPress versions prior to 2.1
Description
The Smarter Analytics plugin for WordPress is susceptible to unauthorized access due to missing authentication and capability checks on the configuration reset functionality within the
smarter-analytics.php file. This allows unauthenticated attackers to reset all plugin configurations and delete per-page/per-post analytics settings by manipulating the reset parameter.Recommendations
Update to version 2.1 or later.
Correção
Missing Authorization
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Smarter Analytics