cleantalk
Vulnerabilities and Security Researches

Tracking Code Manager, CVE-2024-8721

CVE, Research URL

CVE-2024-8721

Home page URL

Security reports for Tracking Code Manager

Application

Tracking Code Manager

Published on
Dec 24, 2024
Research Description
The Tracking Code Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the tracking code field in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-10309 is a duplicate of this issue.
Affected versions
max 2.4.0.
Status
vulnerable
Previous vulnerability researches
Code Manager (8664b371437f11c6f159cff6b9367abd6c987589) , Jun 06, 2024
Code Manager (CVE-2022-4974) , Nov 16, 2024
Code Manager (CVE-2024-13362) , May 02, 2026
FluentSnippets – The High-Performance file based Custom Code Snippet Plugin (CVE-2025-54010) , Jul 18, 2025
Tracking Code Manager (CVE-2024-8721) , Dec 24, 2024
New vulnerability
Easy Social Feed – Social Photos Gallery – Post Feed – Like Box (CVE-2024-13362) , May 02, 2026
WP fail2ban – Advanced Security Plugin (CVE-2024-13362) , May 02, 2026
Widgets on Pages (CVE-2024-13362) , May 02, 2026
Booking Calendar | Appointment Booking | BookIt (CVE-2026-40780) , May 02, 2026
WPIDE – File Manager & Code Editor (CVE-2024-13362) , May 02, 2026