CVE-2026-8944

Name of the Vulnerable Software and Affected Versions Plugin for Google Analytics by IO technologies versions prior to 1.2

Description Cross-Site Request Forgery occurs on the Google Analytics settings page 'ga.php' due to missing or incorrect nonce validation. A nonce is a unique token used to prevent the replay of a request. This allows unauthenticated attackers to update the stored Google Analytics tracking ID option io-ga-id by tricking a site administrator into clicking a malicious link.

Recommendations Update the plugin to a version newer than 1.1.