cleantalk
Vulnerabilities and Security Researches

MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy), CVE-2014-9174

CVE, Research URL

CVE-2014-9174

Home page URL

Security reports for MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy)

Application

MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy)

Published on
Dec 02, 2014
Research Description
Cross-site scripting (XSS) vulnerability in the Google Analytics by Yoast (google-analytics-for-wordpress) plugin before 5.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "Manually enter your UA code" (manual_ua_code_field) field in the General Settings.
Affected versions
Min -, max 5.3.3.
Status
vulnerable
Previous vulnerability researches
MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) (CVE-2022-3904) , Jun 07, 2024
MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) (CVE-2023-0081) , Jun 07, 2024
MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) (CVE-2014-9174) , Jun 07, 2024
MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) (CVE-2023-23999) , Jun 07, 2024
MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) (CVE-2023-52220) , Jun 07, 2024
New vulnerability
Sunshine Photo Cart: Free Client Galleries for Photographers (CVE-2025-5482) , Jun 13, 2025
OpenSheetMusicDisplay (CVE-2025-5235) , Jun 13, 2025
Arconix Shortcodes (CVE-2025-47673) , Jun 12, 2025
Slim SEO – Fast & Automated WordPress SEO Plugin (CVE-2025-4611) , Jun 12, 2025
AutomatorWP – The #1 automator plugin for no-code automation in WordPress (CVE-2025-48280) , Jun 11, 2025