| CVE/PSC | Application | Date | Affected versions | Description |
|---|---|---|---|---|
| Actual on: Jun 29, 2025, 05:06:50 | Entries count: 3 | |||
|
GTM4WP – A Google Tag Manager (GTM) plugin for WordPress
SAFE & CERTIFIED
|
Jul 24, 2024, 15:07:10 |
Min 1.16.1
Max 1.20.2
|
GTM4WP – A Google Tag Manager (GTM) is a robust tool designed to manage and deploy analytics and marketing tags effortlessly on your WordPress website. With its intuitive web UI, users can seamlessly integrate code snippets and track valuable data without manual intervention. This plugin enhances security measures, ensuring safe analytics deployment, and has successfully obtained the Plugin Security Certification (PSC) from CleanTalk, guaranteeing a secure environment for your website. | |
|
GTM4WP – A Google Tag Manager (GTM) plugin for WordPress
vulnerable
|
Jun 07, 2024, 04:06:49 |
Min -
Max 1.15.2
|
The Google Tag Manager for WordPress (GTM4WP) plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the `gtm4wp-options[scroller-contentid]` parameter found in the `~/public/frontend.php` file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.15.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. | |
|
GTM4WP – A Google Tag Manager (GTM) plugin for WordPress
vulnerable
|
Jun 07, 2024, 04:06:49 |
Min -
Max 1.15.1
|
The Google Tag Manager for WordPress plugin for WordPress is vulnerable to reflected Cross-Site Scripting via the s parameter due to the site search populating into the data layer of sites with insufficient sanitization in versions up to an including 1.15. The affected file is ~/public/frontend.php and this could be exploited by unauthenticated attackers. | |