High severity7.1NVD Advisory· Published May 12, 2026· Updated May 13, 2026
CVE-2026-5371
CVE-2026-5371
Description
The MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability checks on the get_ads_access_token() and reset_experience() functions in all versions up to, and including, 10.1.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve live Google OAuth access tokens and reset Plugins's Google Ads integration.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- plugins.trac.wordpress.org/browser/google-analytics-for-wordpress/tags/10.0.3/includes/admin/admin-assets.phpnvd
- plugins.trac.wordpress.org/browser/google-analytics-for-wordpress/tags/10.0.3/includes/ppc/google/class-monsterinsights-google-ads.phpnvd
- plugins.trac.wordpress.org/browser/google-analytics-for-wordpress/tags/10.0.3/includes/ppc/google/class-monsterinsights-google-ads.phpnvd
- www.wordfence.com/threat-intel/vulnerabilities/id/5d380b66-675e-451d-a7e3-4efe1fbd08b2nvd
News mentions
0No linked articles in our index yet.