Volerion logoVolerion
Volerion logoVolerion

ShareThis Dashboard for Google Analytics WordPress Plugin Reflected Cross-Site Scripting Vulnerability

Vulnerability

A reflected cross-site scripting vulnerability has been identified in the ShareThis Dashboard for Google Analytics WordPress plugin, affecting versions prior to 2.5.2. The issue arises because the plugin fails to properly sanitize or escape the 'ga_action' parameter in the stats view before rendering it in an attribute. This vulnerability is triggered when the plugin is linked to a Google Analytics account, allowing an attacker to execute malicious scripts in the context of a logged-in administrator.

Impact

Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user.

Reproduction

To reproduce this vulnerability, connect the ShareThis Dashboard for Google Analytics WordPress plugin to a Google Analytics account. Then, navigate to the stats view while the plugin is active. The vulnerability can be triggered by including a crafted 'ga_action' parameter that contains malicious script payloads, such as an image tag with an 'onerror' event.

Remediation

Users are advised to update the ShareThis Dashboard for Google Analytics WordPress plugin to version 2.5.2 or later.

Added: May 15, 2026, 12:25 PM
Updated: May 15, 2026, 12:25 PM

Vulnerability Rating

Custom Algorithm
spread
1.0
impact
7.9
exploitability
7.7
remediation
7.7
relevance
0.0
threat
6.4
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.