CVE-2023-23999

WordPress Google Analytics by Monster Insights Plugin <= 8.14.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in MonsterInsights plugin <= 8.14.0 versions.

We have discovered 266,198 live websites that are affected by CVE-2023-23999.

Affected Software


Product	MonsterInsights
Category	Analytics
Vulnerable Versions	from 0 through 8.14
Total Vulnerable Versions	145
Vulnerable Domains	266,198 live websites (29.58% of MonsterInsights install base)

Common Weakness Enumeration

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Available Reports

Website List

Details

Published - May 18, 2023
Updated - May 18, 2023

Credits

Rafie Muhammad (Patchstack) (finder)

CWE

CWE-79

CVE References

CWE References

cwe.mitre.org

Countries

United States	79,654 websites

Japan	17,110 websites
France	14,973 websites
GB	13,757 websites
Germany	13,414 websites
Italy	11,792 websites
Poland	9,838 websites
Netherlands	9,800 websites
Spain	8,288 websites
Canada	6,789 websites

TLDs

.com	123,604 websites
.org	11,318 websites
.co.uk	7,960 websites
.nl	7,879 websites
.it	7,664 websites
.pl	7,663 websites
.net	7,010 websites
.de	6,630 websites
.fr	5,971 websites
.com.br	5,217 websites

Vulnerable Versions

Vulnerable versions are highlighted in red

References

https://patchstack.com/database/vulnerability/google-analytics-for-wordpress/wordpress-google-analytics-by-monsterinsights-plugin-8-14-0-cross-site-scripting-xss-vulnerability?_s_id=cve

Websites affected by CVE-2023-23999

Top websites that are affected by CVE-2023-23999. Please click on the "Contact us" link to get more information.

Domain	Country	Rank
**********.*.ar	Argentina	,**
*.***********.com	United States	,**
*.********.com	United States	,**
*****.org	United States	,**
**.****.net	United States	,**
********.com	United States	,**
*.*******.com	GB	,*
*.********.de	Germany	,*
*.********.com	Ireland	,*
***********.me	Canada	,*

See full domain list