cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches for duracelltomi-google-tag-manager

Jun 07, 2024

GTM4WP – A Google Tag Manager (GTM) plugin for WordPress # CVE-2022-1961

CVE, Research URL

CVE-2022-1961

Date
Jun 13, 2022
Research Description
The Google Tag Manager for WordPress (GTM4WP) plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping of the `gtm4wp-options[scroller-contentid]` parameter in the `~/public/frontend.php` file, which allows attackers with administrative user access to inject arbitrary web scripts in versions up to and including 1.15.1. This affects multi-site installations where `unfiltered_html` is disabled for administrators, and sites where `unfiltered_html` is disabled.
Affected versions
Min -, max -.
Status
vulnerable

GTM4WP – A Google Tag Manager (GTM) plugin for WordPress # CVE-2022-1707

CVE, Research URL

CVE-2022-1707

Date
Jun 13, 2022
Research Description
The Google Tag Manager for WordPress plugin for WordPress is vulnerable to reflected Cross-Site Scripting via the `s` parameter, because the site search is populated into the data layer of sites with insufficient sanitization, in versions up to and including 1.15. The affected file is `~/public/frontend.php`, and this could be exploited by unauthenticated attackers.
Affected versions
Min -, max -.
Status
vulnerable

Jul 24, 2024

GTM4WP – A Google Tag Manager (GTM) plugin for WordPress # PSC-2024-92836

PSC, Research URL

PSC-2024-92836

Date
-
Research Description
GTM4WP – A Google Tag Manager (GTM) is a robust tool designed to manage and deploy analytics and marketing tags effortlessly on your WordPress website. With its intuitive web UI, users can seamlessly integrate code snippets and track valuable data without manual intervention. This plugin enhances security measures, ensuring safe analytics deployment, and has successfully obtained the Plugin Security Certification (PSC) from CleanTalk, guaranteeing a secure environment for your website.
Affected versions
Min -, max -.
Status
SAFE & CERTIFIED