CVE-2022-3904

Name of the Vulnerable Software and Affected Versions MonsterInsights WordPress plugin versions prior to 8.9.1

Description The issue allows an unauthenticated attacker to inject arbitrary web scripts into page titles by spoofing requests to Google Analytics, due to the lack of sanitization or escaping of page titles in the top posts/pages section.

Recommendations For versions prior to 8.9.1, update to version 8.9.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the top posts/pages section until the update is applied.