PT-2026-4568 · WordPress · Wsanalytics
Lior Yeshayahu · Published 2026-01-24 · Updated 2026-01-24 · CVE-2025-14609
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Wise Analytics versions up to and including 1.1.9
Description
The Wise Analytics plugin for WordPress is affected by a missing authorization issue. Capability checks are absent on the REST API endpoint '/wise-analytics/v1/report', allowing unauthenticated attackers to access sensitive analytics data. This data includes administrator usernames, login timestamps, visitor tracking information, and business intelligence data. Access is achieved through the 'name' parameter by sending unauthenticated requests.
Recommendations
Update Wise Analytics to a version later than 1.1.9.
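For reference, this is how a WordPress REST route is normally protected with a capability check. It is an added example, not code from the Wise Analytics plugin. The namespace and route come from this advisory; the function names, the GET method, the 'manage_options' capability and the handler body are assumptions.

```php
<?php
// Illustrative only: hypothetical registration code, not taken from Wise Analytics.
// 'wise-analytics/v1' and '/report' come from the advisory; all example_* names are assumed.

add_action( 'rest_api_init', 'example_register_report_route' );

function example_register_report_route() {
    // Weak form, shown for contrast: a permission callback that always returns true
    // leaves the route open to unauthenticated requests.
    //   'permission_callback' => '__return_true',

    // Corrected form: WordPress runs the permission callback before the handler.
    register_rest_route( 'wise-analytics/v1', '/report', array(
        'methods'             => WP_REST_Server::READABLE, // assumption: read-only GET route
        'callback'            => 'example_get_report',
        'permission_callback' => 'example_can_view_reports',
        'args'                => array(
            'name' => array(
                'required'          => true,
                'type'              => 'string',
                'sanitize_callback' => 'sanitize_text_field',
            ),
        ),
    ) );
}

// Allow only users holding an administrative capability (assumed: manage_options).
function example_can_view_reports( WP_REST_Request $request ) {
    if ( current_user_can( 'manage_options' ) ) {
        return true;
    }
    return new WP_Error(
        'rest_forbidden',
        __( 'You are not allowed to view analytics reports.' ),
        // 401 when no user is logged in, 403 when the user lacks the capability.
        array( 'status' => rest_authorization_required_code() )
    );
}

// Placeholder handler: a real one would build the report selected by 'name'.
function example_get_report( WP_REST_Request $request ) {
    return rest_ensure_response( array( 'report' => $request->get_param( 'name' ) ) );
}
```

With a check of this kind in place, a request to the route that carries no credentials is answered with HTTP 401 instead of report data, which is a quick way to confirm a site is no longer exposed after updating.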
Fix
Missing Authorization
Affected Products
Wsanalytics