PT-2026-4568 · WordPress · Wsanalytics
Lior Yeshayahu
·
Publicado
2026-01-24
·
Atualizado
2026-01-24
·
CVE-2025-14609
CVSS v3.1
5.3
Média
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Wise Analytics versions up to and including 1.1.9
Description
The Wise Analytics plugin for WordPress is affected by a missing authorization issue. Capability checks are absent on the REST API endpoint '/wise-analytics/v1/report', allowing unauthenticated attackers to access sensitive analytics data. This data includes administrator usernames, login timestamps, visitor tracking information, and business intelligence data. Access is achieved through the 'name' parameter by sending unauthenticated requests.
Recommendations
Update Wise Analytics to a version later than 1.1.9.
Correção
Missing Authorization
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Wsanalytics