WordPress · Analyticator · CVE-2022-3425
**Name of the Vulnerable Software and Affected Versions**
The Analyticator WordPress plugin versions prior to 6.5.6
**Description**
The issue allows high-privilege users, such as admins, to perform PHP Object Injection when a suitable gadget is present. This is due to the plugin unserializing user input provided via the settings.
**Recommendations**
For versions prior to 6.5.6, update to version 6.5.6 or later to resolve the issue.