Google Analytics by Yoast stored XSS

Posted by Jouko Pynnonen on Mar 19

*Overview*

Google Analytics by Yoast is a WordPress plug-in for monitoring website
traffic. With approximately seven million downloads it’s one of the most
popular WordPress plug-ins.

A security vulnerability in the plug-in allows an unauthenticated attacker
to store arbitrary HTML, including JavaScript, in the WordPress
administrator’s Dashboard on the target system. The JavaScript will be
triggered when an administrator views the…

Leave a Reply