cleantalk
Vulnerabilities and Security Researches

MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy), CVE-2023-0081

CVE, Research URL

CVE-2023-0081

Home page URL

Security reports for MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy)

Application

MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy)

Published on
Feb 07, 2023
Research Description
The MonsterInsights WordPress plugin before 8.12.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Affected versions
Min -, max 8.12.1.
Status
vulnerable
Previous vulnerability researches
MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) (CVE-2022-3904) , Jun 07, 2024
MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) (CVE-2023-0081) , Jun 07, 2024
MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) (CVE-2014-9174) , Jun 07, 2024
MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) (CVE-2023-23999) , Jun 07, 2024
MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) (CVE-2023-52220) , Jun 07, 2024
New vulnerability
Sunshine Photo Cart: Free Client Galleries for Photographers (CVE-2025-5482) , Jun 13, 2025
OpenSheetMusicDisplay (CVE-2025-5235) , Jun 13, 2025
Arconix Shortcodes (CVE-2025-47673) , Jun 12, 2025
Slim SEO – Fast & Automated WordPress SEO Plugin (CVE-2025-4611) , Jun 12, 2025
AutomatorWP – The #1 automator plugin for no-code automation in WordPress (CVE-2025-48280) , Jun 11, 2025