PT-2026-40465 · WordPress · Monsterinsights

Dmitry Ignatyev · Published 2026-05-12 · Updated 2026-05-13 · CVE-2026-5371

CVSS v3.1: 7.1 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions

MonsterInsights – Google Analytics Dashboard for WordPress versions prior to 10.1.3

Description

Missing capability checks in the get_ads_access_token() and reset_experience() functions allow authenticated attackers with Subscriber-level access or higher to retrieve live Google OAuth access tokens and reset the Google Ads integration.

Recommendations

Update to a version later than 10.1.2. As a temporary workaround, restrict access to the get_ads_access_token() and reset_experience() functions to minimize the risk of unauthorized data access and modification.

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2026-5371

Affected Products

Monsterinsights