Threat Entry Updated 2026-01-08

CVE-2025-12540 - Sharethis Dashboard For Google Analytics Plugin

The ShareThis Dashboard for Google Analytics plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.4. This is due to the Google Analytics client_ID and client_secret being stored in plaintext in the publicly visible plugin source. This can allow unauthenticated attackers to craft a link to the sharethis.com server, which will share an authorization token for Google Analytics with a malicious website, if the attacker can trick an administrator logged into the website and Google Analytics to click the link.

PLUGIN Sharethis Dashboard For Google Analytics

CVE-2025-12540

MEDIUM CVSS 4.7 2026-01-07

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2025-03-27

CVE-2025-1507 - Sharethis Dashboard For Google Analytics Plugin

The ShareThis Dashboard for Google Analytics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_actions() function in all versions up to, and including, 3.2.1. This makes it possible for unauthenticated attackers to disable all features.

PLUGIN Sharethis Dashboard For Google Analytics

CVE-2025-1507

MEDIUM CVSS 5.3 2025-03-14

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-11-21

CVE-2021-24438 - Sharethis Dashboard For Google Analytics Plugin

The ShareThis Dashboard for Google Analytics WordPress plugin before 2.5.2 does not sanitise or escape the 'ga_action' parameter in the stats view before outputting it back in an attribute when the plugin is connected to a Google Analytics account, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator

PLUGIN Sharethis Dashboard For Google Analytics

CVE-2021-24438

MEDIUM CVSS 6.1 2021-08-30

Risk Score

Open Full Technical Breakdown