cleantalk
Vulnerabilities and Security Researches

MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy), CVE-2026-5371

CVE, Research URL

CVE-2026-5371

Home page URL

Security reports for MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy)

Application

MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy)

Published on
May 13, 2026
Research Description
The MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability checks on the get_ads_access_token() and reset_experience() functions in all versions up to, and including, 10.1.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve live Google OAuth access tokens and reset Plugins's Google Ads integration.
Affected versions
max 10.1.3.
Status
vulnerable
Previous vulnerability researches
Really Simple SSL (CVE-2024-31229) , Jun 07, 2024
Really Simple SSL (CVE-2024-10924) , Nov 15, 2024
Really Simple SSL , May 01, 2026
Really Simple SSL (CVE-2026-32461) , Mar 29, 2026
Really Simple SSL (CVE-2025-24623) , Jan 25, 2025
New vulnerability
WordPress Affiliates Plugin — SliceWP Affiliates (CVE-2026-42653) , May 13, 2026
Advanced Custom Fields: Extended (CVE-2025-15463) , May 13, 2026
WP Google Maps Integration (CVE-2026-7464) , May 13, 2026
MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) (CVE-2026-5371) , May 13, 2026
bunny.net – WordPress CDN Plugin (CVE-2025-68049) , May 13, 2026