RSS   Vulnerabilities for 'Gtm4wp'   RSS

2022-06-13
 
CVE-2022-1961

CWE-79
 

 
The Google Tag Manager for WordPress (GTM4WP) plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the `gtm4wp-options[scroller-contentid]` parameter found in the `~/public/frontend.php` file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.15.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.

 

 >>> Vendor: Gtm4wp 2 Products
Google tag manager
Gtm4wp


Copyright 2024, cxsecurity.com

 

Back to Top