cleantalk
Vulnerabilities and Security Researches

MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy), CVE-2022-3904

CVE, Research URL

CVE-2022-3904

Home page URL

Security reports for MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy)

Application

MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy)

Published on
Jan 16, 2023
Research Description
The MonsterInsights WordPress plugin before 8.9.1 does not sanitize or escape page titles in the top posts/pages section, allowing an unauthenticated attacker to inject arbitrary web scripts into the titles by spoofing requests to google analytics.
Affected versions
Min -, max 8.9.1.
Status
vulnerable
Previous vulnerability researches
MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) (CVE-2022-3904) , Jun 07, 2024
MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) (CVE-2023-0081) , Jun 07, 2024
MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) (CVE-2014-9174) , Jun 07, 2024
MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) (CVE-2023-23999) , Jun 07, 2024
MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) (CVE-2023-52220) , Jun 07, 2024
New vulnerability
Sunshine Photo Cart: Free Client Galleries for Photographers (CVE-2025-5482) , Jun 13, 2025
OpenSheetMusicDisplay (CVE-2025-5235) , Jun 13, 2025
Arconix Shortcodes (CVE-2025-47673) , Jun 12, 2025
Slim SEO – Fast & Automated WordPress SEO Plugin (CVE-2025-4611) , Jun 12, 2025
AutomatorWP – The #1 automator plugin for no-code automation in WordPress (CVE-2025-48280) , Jun 11, 2025