Where should operators start on this Plugin hub?

Start with the priority CVE quick links, then open the full report for affected versions, remediation notes, CVSS vectors, and source references.

Plugin Vulnerability Hub

Plugin 10 known issues Latest disclosed Jan 05, 2024

MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) Vulnerabilities

Q: How many MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) vulnerabilities have patch guidance?

10 of 10 tracked MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) records include a published patch path.

Review known vulnerability records for the WordPress plugin MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) (`google-analytics-for-wordpress`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2023-52220, CVE-2023-23999 and CVE-2023-0081, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed

Known Records

High or Critical

Patch Coverage

100%

Last Updated

Jan 22, 2024

Priority CVE Quick Links

Fast paths into MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs

CVE-2023-23999 Medium 8.14.1

CVE-2023-23999 MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) Stored Cross-Site Scripting

Google Analytics by Monster Insights <= 8.14.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2023-0081 Medium 8.12.1

CVE-2023-0081 MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) Stored Cross-Site Scripting

MonsterInsights <= 8.12.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2022-3904 Medium 8.9.1

CVE-2022-3904 MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) Stored Cross-Site Scripting

MonsterInsights <= 8.9.0 - Unauthenticated Stored Cross-Site Scripting via Google Analytics

CVE-2023-52220 Medium 8.22.0

CVE-2023-52220 MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) Vulnerability

Google Analytics by Monster Insights <= 8.21.0 - Missing Authorization

CVE-2014-9174 Low 5.1.3

CVE-2014-9174 MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) Cross-Site Scripting

MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) <= 5.1.2 - Cross-Site Scripting

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility

10 records include a published patch path, leaving 0 with no listed safe release yet.

Severity Mix

0 critical and 2 high severity findings.

Recent CVEs

CVE-2023-52220, CVE-2023-23999 and CVE-2023-0081

Reference Workflow

Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.

Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

CVE-2023-52220 Medium Patch path listed

CVE-2023-52220: Google Analytics by Monster Insights <= 8.21.0 - Missing Authorization

The Google Analytics by Monster Insights plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 8.21.0. This makes it p...

Published

Jan 05, 2024

Patch Status

8.22.0

Open CVE-2023-52220 Report

CVE-2023-23999 Medium Patch path listed

CVE-2023-23999: Google Analytics by Monster Insights <= 8.14.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Google Analytics by Monster Insights plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 8.14.0 due to insufficient input sanitization and...

Published

May 10, 2023

Patch Status

8.14.1

Open CVE-2023-23999 Report

CVE-2023-0081 Medium Patch path listed

CVE-2023-0081: MonsterInsights <= 8.12.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The MonsterInsights plugin for WordPress is vulnerable to Stored Cross-Site Scripting via unspecified block options (used in pages and posts) in versions up to, and including, 8.12.0 due to...

Published

Jan 13, 2023

Patch Status

8.12.1

Open CVE-2023-0081 Report

Known Vulnerabilities

Reports for MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy)

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2023-52220

CVE-2023-52220: Google Analytics by Monster Insights <= 8.21.0 - Missing Authorization

The Google Analytics by Monster Insights plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 8.21.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an...

Published

Jan 05, 2024

Patched Release

8.22.0

Affected Versions

Versions up to 8.21.0

Next Step

Update to 8.22.0 or newer if supported.

Open CVE-2023-52220 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2023-23999

CVE-2023-23999: Google Analytics by Monster Insights <= 8.14.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Google Analytics by Monster Insights plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 8.14.0 due to insufficient input sanitization and output escaping on the style attribute. This makes it possible for authenticated attacker...

Published

May 10, 2023

Patched Release

8.14.1

Affected Versions

Versions up to 8.14.0

Next Step

Update to 8.14.1 or newer if supported.

Open CVE-2023-23999 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2023-0081

CVE-2023-0081: MonsterInsights <= 8.12.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The MonsterInsights plugin for WordPress is vulnerable to Stored Cross-Site Scripting via unspecified block options (used in pages and posts) in versions up to, and including, 8.12.0 due to insufficient input sanitization and output escaping. This makes it possible for contributo...

Published

Jan 13, 2023

Patched Release

8.12.1

Affected Versions

Versions up to 8.12.0

Next Step

Update to 8.12.1 or newer if supported.

Open CVE-2023-0081 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2022-3904

CVE-2022-3904: MonsterInsights <= 8.9.0 - Unauthenticated Stored Cross-Site Scripting via Google Analytics

The MonsterInsights plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post titles and pages in versions up to, and including, 8.9.0 due to insufficient input sanitization and output escaping on those values. This makes it possible for unauthenticated attackers...

Published

Dec 23, 2022

Patched Release

8.9.1

Affected Versions

Versions up to 8.9.0

Next Step

Update to 8.9.1 or newer if supported.

Open CVE-2022-3904 Report Open CVE Reference

Plugin Medium Patched: Yes

MonsterInsights – Google Analytics Dashboard for WordPress <= 7.1 - Stored Cross-Site Scripting

The MonsterInsights – Google Analytics Dashboard for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the tab parameter in versions up to, and including 7.1. This makes it possible for lower-privileged attackers to inject arbitrary web scripts in ad...

Published

Sep 18, 2018

Patched Release

7.2.0

Affected Versions

Versions up to 7.1

Next Step

Update to 7.2.0 or newer if supported.

Open Full Report

Plugin Low Patched: Yes

MonsterInsights - Google Analytics Dashboard for WordPress <= 5.4.4 - Authenticated Stored Cross-Site Scripting

The MonsterInsights - Google Analytics Dashboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.4.4 due to insufficient privilege handling. This makes it possible for authenticated attackers to inject arbitrary web scripts in...

Published

Aug 10, 2015

Patched Release

5.4.5

Affected Versions

Versions up to 5.4.4

Next Step

Update to 5.4.5 or newer if supported.

Open Full Report

Plugin High Patched: Yes

MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) <= 5.3.3 - Cross-Site Scripting

The MonsterInsights – Google Analytics Dashboard for WordPress plugin is vulnerable to Cross-Site Scripting via the add_query_arg and remove_query_arg functions in versions up to, and including, 5.3.3. This makes it possible for attackers to inject arbitrary web scripts that exec...

Published

Apr 20, 2015

Patched Release

5.4

Affected Versions

Versions up to 5.3.3

Next Step

Update to 5.4 or newer if supported.

Open Full Report

Plugin High Patched: Yes

MonsterInsights – Google Analytics Dashboard for WordPress <= 5.3.2 - Stored Cross-Site Scripting

The MonsterInsights – Google Analytics Dashboard for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.3.2 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbi...

Published

Mar 19, 2015

Patched Release

5.3.3

Affected Versions

Versions up to 5.3.2

Next Step

Update to 5.3.3 or newer if supported.

Open Full Report

Plugin Medium Patched: Yes

MonsterInsights – Google Analytics Dashboard for WordPress <= 5.3.2 - Authenticated Stored Cross-Site Scripting

The MonsterInsights – Google Analytics Dashboard for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘manual_ua_code_field’ parameter in versions up to, and including, 5.3.2 due to insufficient input sanitization and output escaping. This makes...

Published

Mar 06, 2015

Patched Release

5.3.3

Affected Versions

Versions up to 5.3.2

Next Step

Update to 5.3.3 or newer if supported.

Open Full Report

Plugin Low Patched: Yes CVE-2014-9174

CVE-2014-9174: MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) <= 5.1.2 - Cross-Site Scripting

Cross-site scripting (XSS) vulnerability in the Google Analytics by Yoast (google-analytics-for-wordpress) plugin before 5.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "Manually enter your UA code" (manual_ua_code_field) field in the Ge...

Published

Nov 26, 2014

Patched Release

5.1.3

Affected Versions

Versions up to 5.1.2

Next Step

Update to 5.1.3 or newer if supported.

Open CVE-2014-9174 Report Open CVE Reference