CAOS Host Google Analytics Locally Missing Authorization Vulnerability in WordPress Plugin

Vulnerability

A vulnerability exists in the CAOS | Host Google Analytics Locally WordPress plugin, specifically in versions through 4.7.14. The issue arises from a missing capability check in the 'update_settings' function, allowing unauthenticated attackers to modify plugin settings. This unauthorized data modification could lead to various impacts, depending on the nature of the changed settings.

Impact

Exploitation of this vulnerability allows for unauthorized changes to the plugin's settings, which could disrupt the intended functionality of the plugin or the website's analytics tracking.

Reproduction

To reproduce this vulnerability, an unauthenticated user can send a request to the WordPress site with the 'action' parameter set to 'caos-update'. Because the capability check is missing, the request is processed and the attacker can modify plugin settings.

Remediation

Users are advised to update the CAOS | Host Google Analytics Locally plugin to version 4.7.15 or later, where this vulnerability has been patched.
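
For developers reviewing their own settings handlers for the same class of bug, the following added example (not the CAOS plugin's source or its 4.7.15 patch) shows a WordPress settings handler with the capability check in place. The hook, function name, action value, nonce action and option keys are hypothetical.

```php
<?php
// Added illustration of the missing-authorization fix pattern.
// Not the CAOS plugin's code: every identifier prefixed "example" is hypothetical.

add_action( 'admin_init', 'example_update_settings' );

function example_update_settings() {
    // Only act on requests that name this handler's action.
    $action = isset( $_POST['action'] )
        ? sanitize_key( wp_unslash( $_POST['action'] ) )
        : '';
    if ( 'example-update' !== $action ) {
        return;
    }

    // Authorization: this is the capability check whose absence defines the
    // bug class. Without it, the code below runs for any requester.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die(
            esc_html( 'You are not allowed to change these settings.' ),
            '',
            array( 'response' => 403 )
        );
    }

    // Request forgery protection: the form must carry a nonce created with
    // wp_nonce_field( 'example-update' ). check_admin_referer() stops the
    // request if the nonce is missing or invalid.
    check_admin_referer( 'example-update', '_wpnonce' );

    // Write only settings on an explicit allow-list, never arbitrary keys
    // taken from the request.
    $allowed = array( 'example_tracking_id', 'example_cache_dir' );
    foreach ( $allowed as $key ) {
        if ( isset( $_POST[ $key ] ) ) {
            update_option( $key, sanitize_text_field( wp_unslash( $_POST[ $key ] ) ) );
        }
    }
}
```

The capability check and the nonce check answer different questions (who is asking, and whether the request came from the site's own form), so a handler that changes settings needs both.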

Added: May 15, 2026, 12:16 PM
Updated: May 15, 2026, 12:16 PM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 0.6
exploitability: 9.3
remediation: 7.7
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.