Cyber Posture

CVE-2022-45830

Medium

Published: 02 January 2025

Modified: 05 June 2025
CVSS Score: 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)
EPSS Score: 0.0039 (percentile 60.3)
Risk Priority: 13 (60% EPSS · 20% KEV · 20% CVSS)

Description

Missing Authorization vulnerability in Analytify. This issue affects Analytify: from n/a through 4.2.3.

Security Summary

CVE-2022-45830 is a Missing Authorization vulnerability (CWE-862) in the Analytify WordPress plugin. It affects Analytify versions through 4.2.3 (the record gives the lower bound as n/a) and carries a CVSS v3.1 base score of 6.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L): medium severity, reachable over the network, with low attack complexity and no privileges or user interaction required.

Unauthenticated attackers can exploit this vulnerability remotely. Successful exploitation results in low impacts to integrity and availability, with no confidentiality impact, as reflected in the CVSS vector.

The Patchstack advisory at https://patchstack.com/database/wordpress/plugin/wp-analytify/vulnerability/wordpress-analytify-google-analytics-dashboard-plugin-4-2-3-privilege-escalation?_s_id=cve provides details on this privilege escalation vulnerability in the WordPress Analytify Google Analytics Dashboard plugin version 4.2.3.

Details

CWE(s)
CWE-862

Affected Products

analytify / analytify - google analytics dashboard: versions ≤ 4.3.0
