VYPR

MonsterInsights

by WordPress

CVEs (3)

  • CVE-2023-23999MedMay 18, 2023
    risk 0.42cvss 6.5epss 0.00

    Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in MonsterInsights plugin <= 8.14.0 versions.

  • CVE-2022-3904MedJan 16, 2023
    risk 0.40cvss 6.1epss 0.01

    The MonsterInsights WordPress plugin before 8.9.1 does not sanitize or escape page titles in the top posts/pages section, allowing an unauthenticated attacker to inject arbitrary web scripts into the titles by spoofing requests to google analytics.

  • CVE-2023-0081MedFeb 6, 2023
    risk 0.35cvss 5.4epss 0.01

    The MonsterInsights WordPress plugin before 8.12.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting…