GCVE - cpe:2.3:a:hasthemes:ht_easy_ga4_\(google_analytics

Approved changes feed: RSS · Atom

cpe:2.3:a:hasthemes:ht_easy_ga4_\(google_analytics_4\):*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor	Hasthemes (`d368bab3-bc4f-5819-9d32-f6fb06c04453`)
Product	Ht Easy Ga4 (Google Analytics 4) (`fbcdad24-8c26-5637-87ba-1188a90cae6a`)
Edition	*
Language	*
Software edition	*
Target software	wordpress
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-29094`	vulnerable	2026-06-03 14:55:26.828846	WordPress HT Easy GA4 plugin <= 1.1.7 - Cross Site Scripting (XSS) vulnerability HIGH (7.1) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HT Easy GA4 ( Google Analytics 4 ) allows Stored XSS.This issue affects HT Easy GA4 ( Google Analytics 4 ): from n/a through 1.1.7. Published: 2024-03-19T16:38:15.372Z Updated: 2026-04-28T16:09:16.545Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/ht-easy-google-analytics/wordpress-ht-easy-ga4-plugin-1-1-7-cross-site-scripting-xss-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-1176`	vulnerable	2026-06-03 14:54:26.369891	HT Easy GA4 – Google Analytics WordPress Plugin <= 1.1.5 - Missing Authorization to Unauthenticated GA4 Email Update MEDIUM (5.3) The HT Easy GA4 – Google Analytics WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the login() function in all versions up to, and including, 1.1.5. This makes it possible for unauthenticated attackers to update the email associated through the plugin with GA4. Published: 2024-03-13T15:26:33.603Z Updated: 2026-04-08T16:36:08.059Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/10e1b3ac-f002-4108-9682-5fe300f07adb?source=cve https://plugins.trac.wordpress.org/browser/ht-easy-google-analytics/trunk/includes/class.ht-easy-ga4.php#L99 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3055939%40ht-easy-google-analytics&new=3055939%40ht-easy-google-analytics&sfp_email=&sfph_mail=	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-23802`	vulnerable	2026-06-03 14:49:28.693881	WordPress HT Easy GA4 ( Google Analytics 4 ) Plugin <= 1.0.6 is vulnerable to Cross Site Request Forgery (CSRF) MEDIUM (4.3) Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Easy GA4 ( Google Analytics 4 ) plugin <= 1.0.6 versions. Published: 2023-06-15T12:03:36.800Z Updated: 2026-04-28T16:08:02.659Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/ht-easy-google-analytics/wordpress-ht-easy-ga4-google-analytics-4-plugin-1-0-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Ht Easy Ga4 (Google Analytics 4)

PURL mappings

Vulnerability references

Contribute