Vulnerabilities and security researches formeta-tag-manager meta-tag-manager

Jun 07, 2024

CVE, Research URL: CVE-2024-1770
Home page URL: Security reports for Meta Tag Manager
Application: Meta Tag Manager
Date: Mar 28, 2024
Research Description: The Meta Tag Manager plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.2 via deserialization of untrusted input in the get_post_data function. This makes it possible for authenticated attackers, with contributor access or higher, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
Affected versions: max 3.1.
Status: vulnerable

CVE, Research URL: b0fcad47c22dee0f54e7ea6d2c9aa64411cb16dc
Home page URL: Security reports for Meta Tag Manager
Application: Meta Tag Manager
Date: Jul 19, 2023
Research Description: Meta Tag Manager [meta-tag-manager] < 2.1 (closed) WordPress Meta Tag Manager Plugin <= 2.0.2 is vulnerable to Cross Site Scripting (XSS) Update the WordPress Meta Tag Manager plugin to the latest available version. Rafie Muhammad (Patchstack) discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Meta Tag Manager Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 2.1.
Affected versions: max 2.1.
Status: vulnerable

Feb 03, 2025

CVE, Research URL: CVE-2025-22260
Home page URL: Security reports for Meta Tag Manager
Application: Meta Tag Manager
Date: Feb 03, 2025
Research Description: Missing Authorization vulnerability in Pixelite Meta Tag Manager. This issue affects Meta Tag Manager: from n/a through 3.1.
Affected versions: max 3.2.
Status: vulnerable

Apr 23, 2026

CVE, Research URL: CVE-2025-5983
Home page URL: Security reports for Meta Tag Manager
Application: Meta Tag Manager
Date: Oct 22, 2025
Research Description: The Meta Tag Manager WordPress plugin before 3.3 does not restrict which roles can create http-equiv refresh meta tags.
Affected versions: max 3.3.
Status: vulnerable