CVE-2015-4697

8.8 HIGH

📋 TL;DR

This CSRF vulnerability in the Google Analyticator WordPress plugin allows attackers to trick authenticated administrators into performing unintended actions. Attackers can force administrators to change plugin settings without their knowledge. This affects all WordPress sites running vulnerable versions of the Google Analyticator plugin.

💻 Affected Systems

Products:
  • Google Analyticator WordPress Plugin
Versions: All versions before 6.4.9.3 rev @1183563
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with Google Analyticator plugin installed and activated. Vulnerability exists in admin interface.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could modify Google Analytics tracking settings, potentially redirecting analytics data to attacker-controlled accounts or disabling tracking entirely, compromising business intelligence.

🟠 Likely Case

Attackers modify plugin configuration to inject malicious tracking code or disable legitimate analytics, potentially affecting site functionality and data collection.

🟢 If Mitigated

With proper CSRF protections and user awareness, administrators would not execute malicious requests, preventing exploitation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires tricking an authenticated administrator into clicking a malicious link or visiting a compromised page. CSRF attacks are well understood and easy to implement.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.4.9.3 rev @1183563

Vendor Advisory: https://wordpress.org/support/topic/discovered-security-vulnerabilities-1/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find Google Analyticator.
4. Click 'Update Now' if available.
5. Alternatively, download version 6.4.9.3+ from the WordPress plugin repository and update manually.

🔧 Temporary Workarounds

Add CSRF Protection Manually

Applies to: all

Add nonce verification to plugin forms to prevent CSRF attacks.

Requires modifying plugin PHP files to add wp_nonce_field() and wp_verify_nonce() calls.
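The pattern behind that workaround, as an added illustrative example (not the plugin's own code): a settings handler that accepts any POST from an admin's browser, beside a hardened version that binds the form to a nonce and checks the user's capability before saving. The option name 'ga_example_settings', the nonce action 'ga_example_save' and all ga_example_* function names are hypothetical placeholders.

```php
<?php
// Added illustrative example, not code from the Google Analyticator plugin.
// 'ga_example_settings', 'ga_example_save' and the ga_example_* names are
// placeholders chosen for this example.

// BEFORE: trusts any POST arriving in a logged-in admin's session. A form
// submitted from another site is accepted because nothing ties the request
// to the administrator's own intent.
function ga_example_save_settings_vulnerable() {
    if ( isset( $_POST['ga_uid'] ) ) {
        update_option( 'ga_example_settings', array(
            'uid' => sanitize_text_field( wp_unslash( $_POST['ga_uid'] ) ),
        ) );
    }
}

// AFTER, step 1: render the form with a nonce field. wp_nonce_field() emits a
// hidden input (here named ga_example_nonce) bound to the action and the
// current user, which a cross-site page cannot read or forge.
function ga_example_render_form() {
    $settings = get_option( 'ga_example_settings', array( 'uid' => '' ) );
    echo '<form method="post">';
    wp_nonce_field( 'ga_example_save', 'ga_example_nonce' );
    echo '<input type="text" name="ga_uid" value="' . esc_attr( $settings['uid'] ) . '">';
    submit_button( 'Save' );
    echo '</form>';
}

// AFTER, step 2: verify capability and nonce before touching any option.
function ga_example_save_settings_hardened() {
    if ( ! isset( $_POST['ga_uid'] ) ) {
        return;
    }
    // Only users allowed to manage options may change them.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    // Missing, expired or wrong-action nonces fail here, so a forged
    // cross-site request is rejected even though the admin is logged in.
    $nonce = isset( $_POST['ga_example_nonce'] )
        ? sanitize_text_field( wp_unslash( $_POST['ga_example_nonce'] ) )
        : '';
    if ( ! wp_verify_nonce( $nonce, 'ga_example_save' ) ) {
        wp_die( 'Security check failed.' );
    }
    update_option( 'ga_example_settings', array(
        'uid' => sanitize_text_field( wp_unslash( $_POST['ga_uid'] ) ),
    ) );
}
add_action( 'admin_init', 'ga_example_save_settings_hardened' );
```

When auditing a plugin for this issue, look for the hardened shape: every handler that calls update_option() on POST data should be preceded by a wp_verify_nonce() (or check_admin_referer()) call and a capability check.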

Disable Plugin

Applies to: all

Temporarily disable the Google Analyticator plugin until patched:

wp plugin deactivate google-analyticator

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to detect and block CSRF attempts
  • Educate administrators about CSRF risks and safe browsing practices

🔍 How to Verify

Check if Vulnerable:

Check plugin version in WordPress admin under Plugins → Installed Plugins. Look for Google Analyticator version number.

Check Version:

wp plugin get google-analyticator --field=version

Verify Fix Applied:

Verify plugin version is 6.4.9.3 or higher. Check that nonce verification exists in plugin form handling code.

📡 Detection & Monitoring

Log Indicators:

  • Multiple POST requests to /wp-admin/admin.php?page=google-analyticator from the same IP with different user agents
  • Unauthorized changes to plugin settings in WordPress logs

Network Indicators:

  • HTTP POST requests to plugin admin endpoints without a matching Referer header or nonce token

SIEM Query:

source="wordpress.log" AND ("google-analyticator" OR "admin.php?page=google-analyticator") AND method="POST"
