Vulnerability Details CVE-2021-25020
The CAOS | Host Google Analytics Locally WordPress plugin before 4.1.9 does not validate the cache directory setting, allowing high privilege users to use a path traversal vector and delete arbitrary folders when uninstalling the plugin
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 64.4%
CVSS Severity
CVSS v3 Score 4.9
CVSS v2 Score 4.0
References
Products affected by CVE-2021-25020
-
cpe:2.3:a:daan:complete_analytics_optimization_suite:1.0
-
cpe:2.3:a:daan:complete_analytics_optimization_suite:2.0.0
-
cpe:2.3:a:daan:complete_analytics_optimization_suite:3.0.0
-
cpe:2.3:a:daan:complete_analytics_optimization_suite:3.7.0
-
cpe:2.3:a:daan:complete_analytics_optimization_suite:4.0.0
-
cpe:2.3:a:daan:complete_analytics_optimization_suite:4.0.1
-
cpe:2.3:a:daan:complete_analytics_optimization_suite:4.0.2
-
cpe:2.3:a:daan:complete_analytics_optimization_suite:4.0.3
-
cpe:2.3:a:daan:complete_analytics_optimization_suite:4.0.4
-
cpe:2.3:a:daan:complete_analytics_optimization_suite:4.0.5
-
cpe:2.3:a:daan:complete_analytics_optimization_suite:4.1.0
-
cpe:2.3:a:daan:complete_analytics_optimization_suite:4.1.1
-
cpe:2.3:a:daan:complete_analytics_optimization_suite:4.1.2
-
cpe:2.3:a:daan:complete_analytics_optimization_suite:4.1.3
-
cpe:2.3:a:daan:complete_analytics_optimization_suite:4.1.4
-
cpe:2.3:a:daan:complete_analytics_optimization_suite:4.1.5
-
cpe:2.3:a:daan:complete_analytics_optimization_suite:4.1.6
-
cpe:2.3:a:daan:complete_analytics_optimization_suite:4.1.7
-
cpe:2.3:a:daan:complete_analytics_optimization_suite:4.1.8