{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-5371/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.1,"id":"CVE-2026-5371"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) \u003c= 10.1.2"],"_cs_severities":["high"],"_cs_tags":["wordpress","plugin","analytics","oauth","googleads","CVE-2026-5371"],"_cs_type":"advisory","_cs_vendors":["Google"],"content_html":"\u003cp\u003eThe MonsterInsights – Google Analytics Dashboard for WordPress plugin, a widely used tool for website statistics, contains a vulnerability (CVE-2026-5371) that allows unauthorized access and modification of data. Specifically, versions up to and including 10.1.2 lack proper capability checks on the \u003ccode\u003eget_ads_access_token()\u003c/code\u003e and \u003ccode\u003ereset_experience()\u003c/code\u003e functions. This flaw enables authenticated attackers with a minimum of subscriber-level access to retrieve live Google OAuth access tokens. Furthermore, they can reset the plugin\u0026rsquo;s Google Ads integration, potentially disrupting or manipulating analytics data. This vulnerability poses a significant risk to website owners who rely on MonsterInsights for accurate and secure Google Analytics data, making it critical for defenders to implement detection and mitigation strategies.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker gains subscriber-level or higher access to a WordPress site with the vulnerable MonsterInsights plugin installed.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious request to trigger the \u003ccode\u003eget_ads_access_token()\u003c/code\u003e function. Because the function performs no capability check, the request is not rejected.\u003c/li\u003e\n\u003cli\u003eThe plugin processes the request and returns a valid Google OAuth access token associated with the Google Ads integration.\u003c/li\u003e\n\u003cli\u003eThe attacker obtains the Google OAuth access token.\u003c/li\u003e\n\u003cli\u003eAlternatively, the attacker crafts a malicious request to trigger the \u003ccode\u003ereset_experience()\u003c/code\u003e function, which likewise performs no capability check.\u003c/li\u003e\n\u003cli\u003eThe plugin processes the request and resets the Google Ads integration.\u003c/li\u003e\n\u003cli\u003eThe attacker can then use the retrieved OAuth access token to access Google Ads data associated with the website or manipulate the plugin\u0026rsquo;s configuration via the \u003ccode\u003ereset_experience()\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eThe attacker gains unauthorized access to Google Analytics data or disrupts the Google Ads integration, impacting website analytics and advertising efforts.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-5371 can lead to several damaging outcomes. Attackers can gain unauthorized access to sensitive Google Analytics data, potentially exposing website traffic statistics, user demographics, and conversion rates. Moreover, the ability to reset the Google Ads integration can disrupt advertising campaigns, leading to financial losses and reputational damage. The vulnerability affects all WordPress sites using MonsterInsights versions up to and including 10.1.2, potentially impacting thousands of websites across various sectors. If successful, attackers could manipulate website data or advertising campaigns for malicious purposes.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the MonsterInsights plugin to the latest version (greater than 10.1.2) to patch CVE-2026-5371.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect MonsterInsights Google Ads Token Retrieval\u003c/code\u003e to identify attempts to retrieve Google OAuth access tokens via the \u003ccode\u003eget_ads_access_token()\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect MonsterInsights Google Ads Integration Reset\u003c/code\u003e to detect attempts to reset the Google Ads integration using the \u003ccode\u003ereset_experience()\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003eReview WordPress user roles and permissions to ensure that only trusted users have administrative access.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-12T23:17:50Z","date_published":"2026-05-12T23:17:50Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-5371-monsterinsights/","summary":"The MonsterInsights WordPress plugin through 10.1.2 is vulnerable to unauthorized access and data modification, allowing authenticated attackers with subscriber-level access to retrieve Google OAuth tokens and reset Google Ads integration due to missing capability checks on `get_ads_access_token()` and `reset_experience()` functions.","title":"CVE-2026-5371: MonsterInsights WordPress Plugin Unauthorized Access Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-5371-monsterinsights/"}],"language":"en","title":"CraftedSignal Threat Feed — CVE-2026-5371","version":"https://jsonfeed.org/version/1.1"}