Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
Smarter Analytics plugin for WordPress allows unauthorized configuration changes
CVE-2026-3570
Summary
The Smarter Analytics plugin for WordPress is affected. If left unpatched, attackers can reset the plugin's configuration and delete analytics settings for all pages and posts without needing a password. Update to a version of the plugin that fixes this issue as soon as possible.
Original title
The Smarter Analytics plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.0. This is due to missing authentication and capability checks on the configu...
Original description
The Smarter Analytics plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.0. This is due to missing authentication and capability checks on the configuration reset functionality in the global scope of smarter-analytics.php. This makes it possible for unauthenticated attackers to reset all plugin configuration and delete all per-page/per-post analytics settings via the 'reset' parameter.
nvd CVSS3.1
5.3
Vulnerability type
CWE-862
Missing Authorization
Published: 21 Mar 2026 · Updated: 21 Mar 2026 · First seen: 21 Mar 2026