Filtered by vendor Gtm4wp
Subscribe
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-1961 | 1 Gtm4wp | 1 Google Tag Manager | 2024-11-21 | 3.5 LOW | 5.5 MEDIUM |
| The Google Tag Manager for WordPress (GTM4WP) plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the `gtm4wp-options[scroller-contentid]` parameter found in the `~/public/frontend.php` file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.15.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. | |||||
| CVE-2022-1707 | 1 Gtm4wp | 1 Google Tag Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Google Tag Manager for WordPress plugin for WordPress is vulnerable to reflected Cross-Site Scripting via the s parameter due to the site search populating into the data layer of sites with insufficient sanitization in versions up to an including 1.15. The affected file is ~/public/frontend.php and this could be exploited by unauthenticated attackers. | |||||