CVE-2024-1176
HT Easy GA4 – Google Analytics WordPress Plugin <= 1.1.5 - Missing Authorization to Unauthenticated GA4 Email Update
CVSS Score
5.3
EPSS Score
0.0%
EPSS Percentile
0th
The HT Easy GA4 – Google Analytics WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the login() function in all versions up to, and including, 1.1.5. This makes it possible for unauthenticated attackers to update the email associated through the plugin with GA4.
| CWE | CWE-862 |
| Vendor | htplugins |
| Product | ht easy ga4 – google analytics wordpress plugin |
| Published | Mar 13, 2024 |
| Last Updated | Apr 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for htplugins ht easy ga4 – google analytics wordpress plugin
Be the first to know when new medium vulnerabilities affecting htplugins ht easy ga4 – google analytics wordpress plugin are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
htplugins / HT Easy GA4 – Google Analytics WordPress Plugin
0 ≤ 1.1.5
References
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/10e1b3ac-f002-4108-9682-5fe300f07adb?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/ht-easy-google-analytics/trunk/includes/class.ht-easy-ga4.php#L99 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3055939%40ht-easy-google-analytics&new=3055939%40ht-easy-google-analytics&sfp_email=&sfph_mail=
Credits
Francesco Carlucci