CVE-2026-3570
Unauthorized Access in Smarter Analytics Plugin Allows Config Reset
Publication date: 2026-03-21
Last updated on: 2026-03-21
Assigner: Wordfence
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| smarter_analytics | smarter_analytics | up to and including 2.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
The Smarter Analytics plugin for WordPress has a vulnerability in all versions up to and including 2.0. This vulnerability arises because the plugin lacks proper authentication and capability checks on its configuration reset functionality. Specifically, unauthenticated attackers can exploit the 'reset' parameter in the global scope of the smarter-analytics.php file to reset all plugin configurations and delete all per-page and per-post analytics settings.
How can this vulnerability impact me?
This vulnerability allows unauthenticated attackers to reset the entire configuration of the Smarter Analytics plugin and delete all analytics settings for individual pages and posts. As a result, you could lose important analytics data and configurations, which may disrupt your ability to track and analyze website traffic effectively.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know
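Because the 'reset' parameter described above is handled in the plugin's global scope, a request to any URL on the site could carry it. The following is an added example, not part of the original record or the plugin's code: a log review script that flags requests with a `reset` query key. It assumes Apache/Nginx "combined" access logs and that the parameter arrives in the query string (the record does not say whether it is read from the query or the request body); the sample lines are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in "combined" log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [21/Mar/2026:10:02:11 +0000] "GET /?reset=1 HTTP/1.1" 200 5120 "-" "curl/8.5.0"
198.51.100.4 - - [21/Mar/2026:10:03:40 +0000] "GET /blog/hello-world/ HTTP/1.1" 200 8841 "-" "Mozilla/5.0"
203.0.113.7 - - [21/Mar/2026:10:04:02 +0000] "GET /about/?utm=x&reset HTTP/1.1" 200 4410 "-" "curl/8.5.0"
198.51.100.9 - - [21/Mar/2026:10:05:15 +0000] "GET /shop/?preset=dark HTTP/1.1" 200 3021 "-" "Mozilla/5.0"
192.0.2.33 - - [21/Mar/2026:10:06:59 +0000] "POST /wp-login.php?action=resetpass HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def find_reset_requests(log_text):
    """Return parsed entries whose query string has a key named exactly 'reset'."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        # parse_qs percent-decodes keys, so an encoded spelling of the key still
        # matches; keep_blank_values keeps a bare "reset" that has no "=value".
        params = parse_qs(urlsplit(m["target"]).query, keep_blank_values=True)
        if "reset" in params:  # exact key: "preset" or "action=resetpass" do not match
            hits.append({"ip": m["ip"], "time": m["ts"], "method": m["method"],
                         "target": m["target"], "status": int(m["status"])})
    return hits

def by_client(hits):
    """Count flagged requests per client address."""
    return dict(Counter(h["ip"] for h in hits))

if __name__ == "__main__":
    flagged = find_reset_requests(SAMPLE_LOG)
    for h in flagged:
        print(h["time"], h["ip"], h["method"], h["target"], h["status"])
    print(by_client(flagged))
```

Parameters sent in a POST body do not appear in access logs, so this check covers only query-string requests; a hit is a lead to compare against when the plugin's settings were last known to be intact.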