CVE-2024-0250

Name of the Vulnerable Software and Affected Versions Analytics Insights for Google Analytics 4 (AIWP) WordPress plugin versions prior to 6.3

Description The issue is related to insufficient validation on the redirect oauth2callback.php file, which makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. This is due to an Open Redirect vulnerability.

Recommendations For versions prior to 6.3, update to version 6.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the oauth2callback.php file to minimize the risk of exploitation.