Google Analytics by Yoast was updated to version 5.3.3, from version 5.3.2. Changelog:
- Fix minor XSS issue where admins could XSS each other through an unescaped manual UA field.
- Fix stored XSS issue where changing a property’s name in Google Analytics to contain malicious JS would allow execution of that JS in the admin as the profile name was not escaped properly.
- Fix un-authenticated change of the GA profile list, allowing the previous XSS to become a slightly bigger issue.
- Small code style improvements.
- Throw an error and deactivate if either the PHP SPL or PHP filter libraries aren’t loaded.
- Introduced a filter yst_ga_track_super_admin to allow disabling of super admin tracking on multi-site, defaulting to true.