Google Analyticator < 6.5.6 is vulnerable to Admin+ PHP Object Injection

Required privilege: Administrator

Published: 2022-12-26

The Google Analyticator plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 6.5.5 via deserialization of untrusted input. This allows administrator-level attackers to inject a PHP object. The additional presence of a POP chain in the vulnerable plugin may allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

CVSS

Score: 4.4

Severity: Medium

Version: < 6.5.6

There is a patch available in v6.5.6 and we strongly recommend you update to this version as soon as possible.
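The deserialization pattern described above, next to a hardened form, as an added example that is not code from Google Analyticator or from this advisory. The advisory does not name the affected option or function, so the class, function names and input below are all hypothetical and constructed.

```php
<?php
// Constructed demo, not plugin code: every name below is hypothetical.

// Stand-in for a POP "gadget": a loaded class whose magic method acts on
// a property that serialized input can set.
final class DemoCacheFile
{
    public static array $cleaned = [];  // records what __destruct acted on
    public string $path = '';

    public function __destruct()
    {
        // A real gadget might call unlink($this->path); the demo only logs it.
        self::$cleaned[] = $this->path;
    }
}

// Vulnerable pattern: unserialize() instantiates any class the input names.
function load_settings_unsafe(string $stored)
{
    return unserialize($stored);
}

// Hardened pattern: forbid object instantiation and accept only an array.
function load_settings_safe(string $stored): array
{
    $value = unserialize($stored, ['allowed_classes' => false]);
    return is_array($value) ? $value : [];
}

// Constructed input: a serialized DemoCacheFile with a caller-chosen property.
$input = 'O:13:"DemoCacheFile":1:{s:4:"path";s:13:"/tmp/demo.txt";}';

// Unsafe path: the object is created, and its destructor runs with the
// injected property as soon as the last reference goes away.
$obj = load_settings_unsafe($input);
unset($obj);
echo "unsafe: ", json_encode(DemoCacheFile::$cleaned), PHP_EOL;

// Safe path: the input decodes to __PHP_Incomplete_Class, no DemoCacheFile
// destructor runs, and the non-array result is discarded.
DemoCacheFile::$cleaned = [];
$settings = load_settings_safe($input);
echo "safe:   ", json_encode(DemoCacheFile::$cleaned),
     " settings=", json_encode($settings), PHP_EOL;
```

For stored settings that never need to carry objects, `json_encode()`/`json_decode()` avoids the class-instantiation path entirely.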