MonsterInsights
Moderate fix1 remedy
cpe:2.3:a:monsterinsights:monsterinsights:*:*:*:*:wordpress:*:*
Moderate fix1 remedy
- <= 10.1.2
MonsterInsights Google Analytics Dashboard for WordPress Missing Authorization Vulnerability
Vulnerability
Patched
A vulnerability exists in the MonsterInsights Google Analytics Dashboard for WordPress plugin, specifically in versions through 10.1.2. The issue arises from missing capability checks in the get_ads_access_token() and reset_experience() functions. This flaw allows authenticated attackers with Subscriber-level access and above to access live Google OAuth tokens and reset the plugin's Google Ads integration.
Impact
Exploitation of this vulnerability could lead to unauthorized access to sensitive information, specifically Google OAuth access tokens, and unauthorized modifications to the plugin's Google Ads integration.
Remediation
Users are advised to update the MonsterInsights Google Analytics Dashboard for WordPress plugin to version 10.1.3 or a newer patched version.
Added: May 12, 2026, 11:19 PM
Updated: May 12, 2026, 11:19 PM
Vulnerability Rating
Custom Algorithm
spread
7.6impact
3.1exploitability
6.1remediation
7.7relevance
8.1threat
3.2urgency
2.9incentive
0.0Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.