Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.5
Incorrect Access Control in GA4WP: Google Analytics for WordPress
CVE-2025-68028
Summary
A security flaw in the GA4WP plugin for WordPress allows unauthorized users to access sensitive data. This affects versions of the plugin up to 2.10.0. To fix the issue, update the plugin to the latest version.
Original title
Missing Authorization vulnerability in Passionate Brains GA4WP: Google Analytics for WordPress ga-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects G...
Original description
Missing Authorization vulnerability in Passionate Brains GA4WP: Google Analytics for WordPress ga-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GA4WP: Google Analytics for WordPress: from n/a through <= 2.10.0.
nvd CVSS3.1
6.5
Vulnerability type
CWE-862
Missing Authorization
Published: 20 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026