VYPR

ExactMetrics

by Syed Balkhi

CVEs (3)

  • CVE-2023-23880MedAug 8, 2023
    risk 0.42cvss 6.5epss 0.00

    Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ExactMetrics plugin <= 7.14.1 versions.

  • CVE-2025-24750MedJan 24, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in Syed Balkhi ExactMetrics google-analytics-dashboard-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ExactMetrics: from n/a through <= 8.1.0.

  • CVE-2023-0082MedFeb 6, 2023
    risk 0.35cvss 5.4epss 0.01

    The ExactMetrics WordPress plugin before 7.12.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.