Lara Google Analytics <= 2.0.4 - Authenticated Stored XSS



Description
An authenticated stored Cross-Site Scripting (XSS) vulnerability within the "Google Analytics – by Lara" WordPress plugin was found to be exploited in the wild by security vendor NinTechNet.

Affects Plugin

fixed in version 2.0.5

References

URL https://blog.nintechnet.com/zero-day-vulnerability-exploited-in-wordpress-lara-google-analytics-plugin/
URL https://plugins.trac.wordpress.org/changeset/2172592/lara-google-analytics

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Original Researcher NinTechNet
Views 3616
Verified No
WPVDB ID 9906

Timeline

Publicly Published 2019-10-14 (2 months ago)
Added 2019-10-14 (2 months ago)
Last Updated 2019-11-28 (17 days ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin