Vulnerabilities and security researches forgoogleanalytics googleanalytics

Jan 27, 2026

CVE, Research URL: CVE-2025-12540
Home page URL: Security reports for ShareThis Dashboard for Google Analytics
Application: ShareThis Dashboard for Google Analytics
Date: Jan 07, 2026
Research Description: The ShareThis Dashboard for Google Analytics plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.4. This is due to the Google Analytics client_ID and client_secret being stored in plaintext in the publicly visible plugin source. This can allow unauthenticated attackers to craft a link to the sharethis.com server, which will share an authorization token for Google Analytics with a malicious website, if the attacker can trick an administrator logged into the website and Google Analytics to click the link.
Affected versions: max 3.2.4.
Status: vulnerable

Apr 12, 2025

CVE, Research URL: CVE-2025-32282
Home page URL: Security reports for ShareThis Dashboard for Google Analytics
Application: ShareThis Dashboard for Google Analytics
Date: Apr 10, 2025
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in ShareThis ShareThis Dashboard for Google Analytics. This issue affects ShareThis Dashboard for Google Analytics: from n/a through 3.2.2.
Affected versions: max 3.2.2.
Status: vulnerable

Mar 15, 2025

CVE, Research URL: CVE-2025-1507
Home page URL: Security reports for ShareThis Dashboard for Google Analytics
Application: ShareThis Dashboard for Google Analytics
Date: Mar 14, 2025
Research Description: The ShareThis Dashboard for Google Analytics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_actions() function in all versions up to, and including, 3.2.1. This makes it possible for unauthenticated attackers to disable all features.
Affected versions: max 3.2.2.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: CVE-2022-45851
Home page URL: Security reports for ShareThis Dashboard for Google Analytics
Application: ShareThis Dashboard for Google Analytics
Date: Mar 25, 2024
Research Description: Missing Authorization vulnerability in ShareThis ShareThis Dashboard for Google Analytics.This issue affects ShareThis Dashboard for Google Analytics: from n/a through 3.1.4.
Affected versions: max 3.1.5.
Status: vulnerable

CVE, Research URL: CVE-2021-24438
Home page URL: Security reports for ShareThis Dashboard for Google Analytics
Application: ShareThis Dashboard for Google Analytics
Date: Aug 30, 2021
Research Description: The ShareThis Dashboard for Google Analytics WordPress plugin before 2.5.2 does not sanitise or escape the 'ga_action' parameter in the stats view before outputting it back in an attribute when the plugin is connected to a Google Analytics account, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator
Affected versions: max 2.5.2.
Status: vulnerable