CVE-2023-23999
WordPress Google Analytics by Monster Insights Plugin <= 8.14.0 is vulnerable to Cross Site Scripting (XSS)Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in MonsterInsights plugin <= 8.14.0 versions.
We have discovered 172,740 live websites that are affected by CVE-2023-23999.
Affected Software
| Product |  MonsterInsights |
| Category | Analytics |
| Vulnerable Domains | 172,740 live websites (20.85% of MonsterInsights install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 126 versions ( 79.25% of all versions) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')Details
- Published - May 18, 2023
- Updated - Jan 9, 2025
Credits
- Rafie Muhammad (Patchstack) (finder)
CWE
CVE References
CWE References
CVE-2023-23999 usage by Country
 United States | 58,704 websites |
 Germany | 14,880 websites |
 Japan | 12,680 websites |
 France | 11,524 websites |
 Poland | 6,700 websites |
 GB | 6,541 websites |
 Netherlands | 5,709 websites |
 Spain | 4,266 websites |
 Italy | 4,220 websites |
 Cyprus | 2,985 websites |
CVE-2023-23999 usage by TLD
| .com | 78,629 websites |
| .org | 6,872 websites |
| .pl | 5,454 websites |
| .nl | 5,227 websites |
| .co.uk | 4,941 websites |
| .de | 4,812 websites |
| .net | 4,651 websites |
| .fr | 4,098 websites |
| .it | 3,418 websites |
| .com.au | 3,310 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2023-23999
Top websites that are affected by CVE-2023-23999. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ************.***.ar |  Argentina | *,*** | |
| *************.com | United States | *,*** | |
| **********.com | United States | *,*** | |
| *****.org | United States | *,*** | |
| ****.******.net | United States | *,*** | |
| *********.com |  Sweden | **,*** | |
| **********.de | Germany | **,*** | |
| ***********.me |  Canada | **,*** | |
| ********.********.edu | United States | **,*** | |
| **********.com | United States | **,*** |
FAQ
CVE-2023-23999 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in MonsterInsights
A total of 172,740 websites have been identified as vulnerable to CVE-2023-23999, discovered through global website indexing conducted by WebTechSurvey.
MonsterInsights is susceptible to CVE-2023-23999 vulnerability.
MonsterInsights versions before, and including, 8.14 are vulnerable to CVE-2023-23999.