{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-07T16:09:45.838","vulnerabilities":[{"cve":{"id":"CVE-2026-1992","sourceIdentifier":"security@wordfence.com","published":"2026-03-11T10:16:13.280","lastModified":"2026-04-22T21:27:27.950","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The ExactMetrics – Google Analytics Dashboard for WordPress plugin is vulnerable to Insecure Direct Object Reference in versions 8.6.0 through 9.0.2. This is due to the `store_settings()` method in the `ExactMetrics_Onboarding` class accepting a user-supplied `triggered_by` parameter that is used instead of the current user's ID to check permissions. This makes it possible for authenticated attackers with the `exactmetrics_save_settings` capability to bypass the `install_plugins` capability check by specifying an administrator's user ID in the `triggered_by` parameter, allowing them to install arbitrary plugins and achieve Remote Code Execution. This vulnerability only affects sites on which administrator has given other user types the permission to view reports and can only be exploited by users of that type."},{"lang":"es","value":"El plugin ExactMetrics – Google Analytics Dashboard para WordPress es vulnerable a Referencia Directa Insegura a Objeto en las versiones 8.6.0 a 9.0.2. Esto se debe a que el método 'store_settings()' en la clase 'ExactMetrics_Onboarding' acepta un parámetro 'triggered_by' proporcionado por el usuario que se utiliza en lugar del ID del usuario actual para verificar permisos. Esto hace posible que atacantes autenticados con la capacidad 'exactmetrics_save_settings' omitan la verificación de capacidad 'install_plugins' al especificar el ID de usuario de un administrador en el parámetro 'triggered_by', permitiéndoles instalar plugins arbitrarios y lograr la ejecución remota de código. Esta vulnerabilidad solo afecta a los sitios en los que el administrador ha otorgado a otros tipos de usuario el permiso para ver informes y solo puede ser explotada por usuarios de ese tipo."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/google-analytics-dashboard-for-wp/trunk/includes/admin/class-exactmetrics-onboarding.php#L273","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3473805/google-analytics-dashboard-for-wp/trunk/includes/admin/class-exactmetrics-onboarding.php?old=3309894&old_path=google-analytics-dashboard-for-wp%2Ftrunk%2Fincludes%2Fadmin%2Fclass-exactmetrics-onboarding.php","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/79b6b896-df66-4c3d-a4d4-d3dbeb630134?source=cve","source":"security@wordfence.com"}]}}]}