PT-2024-3161 · WordPress · Analytify

Francesco Carlucci · Published 2024-02-16 · Updated 2025-06-05 · CVE-2024-1584

CVSS v3.1: 5.3 Medium

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Analytify – Google Analytics Dashboard For WordPress versions up to, and including, 5.2.1

Description: A missing capability check on the wpa check authentication function allows unauthorized modification of data. Because the authorization procedure is insufficient, a remote, unauthenticated attacker can modify the site's Google Analytics tracking ID.

Recommendations: Sites running versions up to, and including, 5.2.1 should update to a version that includes a fix for the missing capability check on the wpa check authentication function. As a temporary workaround, consider restricting access to the wpa check authentication function until a patch is available.

Fix

Weakness Enumeration

Improper Access Control
Missing Authorization

Related Identifiers

BDU:2024-03374
CVE-2024-1584

Affected Products

Analytify