CVE-2022-3904
MonsterInsights < 8.9.1 - Stored Cross-Site Scripting via Google AnalyticsThe MonsterInsights WordPress plugin before 8.9.1 does not sanitize or escape page titles in the top posts/pages section, allowing an unauthenticated attacker to inject arbitrary web scripts into the titles by spoofing requests to google analytics.
We have discovered 163,887 live websites that are affected by CVE-2022-3904.
Contact us to get more info
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')