CVE-2026-3570
Smarter Analytics <= 2.0 - Missing Authorization to Unauthenticated Plugin Settings Reset via 'reset' Parameter
| CVSS Score | 5.3 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
The Smarter Analytics plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.0. This is due to missing authentication and capability checks on the configuration reset functionality in the global scope of smarter-analytics.php. This makes it possible for unauthenticated attackers to reset all plugin configuration and delete all per-page/per-post analytics settings via the 'reset' parameter.
| CWE | CWE-862 |
| Vendor | acumenconsulting |
| Product | smarter analytics |
| Published | Mar 21, 2026 |
| Last Updated | Apr 8, 2026 |
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity | Low |
| Availability | None |
Affected Versions
acumenconsulting / Smarter Analytics
0 ≤ 2.0
References
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/06f0d53d-734c-4cc1-902d-bdf4826036bf?source=cve
plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/smarter-analytics/trunk/smarter-analytics.php#L27
plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/smarter-analytics/tags/2.0/smarter-analytics.php#L27
Credits
Phong Nguyen