Google Analytics by Yoast | WordPress.org

Steve Borsch
(@sborsch)

8 years, 8 months ago

I receive alerts from the WPScan Vulnerability Database and one came across this morning for this plugin.

The advisory is Google Analytics by Yoast <= 5.4.4 – Authenticated Stored Cross-Site Scripting and the security advisory is here.

Should you be concerned? Only if you are running a membership site or one where you don’t have trusted, registered users since any user can apparently (and easily) “escalate” their permissions. If you have doubts, deactivate the plugin NOW until it is patched.

Yoast is very fast at updating—I have a high degree of confidence in Yoast and his team—so this will get patched quickly. I hope it does since I have it installed on dozens of client sites. 😉

https://wordpress.org/plugins/google-analytics-for-wordpress/

The topic ‘Google Analytics by Yoast’ is closed to new replies.

In: Plugins
0 replies
1 participant
Last reply from: Steve Borsch
Last activity: 8 years, 8 months ago
Status: not resolved