cleantalk
Vulnerabilities and Security Researches

MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy), CVE-2026-5371

CVE, Research URL

CVE-2026-5371

Home page URL

Security reports for MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy)

Application

MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy)

Published on
May 13, 2026
Research Description
The MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability checks on the get_ads_access_token() and reset_experience() functions in all versions up to, and including, 10.1.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve live Google OAuth access tokens and reset Plugins's Google Ads integration.
Affected versions
max 10.1.3.
Status
vulnerable
Previous vulnerability researches
BJ Lazy Load (CVE-2026-2300) , May 13, 2026
BJ Lazy Load (CVE-2015-9415) , Jun 07, 2024
New vulnerability
WordPress Affiliates Plugin — SliceWP Affiliates (CVE-2026-42653) , May 13, 2026
Advanced Custom Fields: Extended (CVE-2025-15463) , May 13, 2026
WP Google Maps Integration (CVE-2026-7464) , May 13, 2026
MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) (CVE-2026-5371) , May 13, 2026
bunny.net – WordPress CDN Plugin (CVE-2025-68049) , May 13, 2026