cleantalk
Vulnerabilities and Security Researches

Meta Tag Manager, CVE-2024-1770

CVE, Research URL

CVE-2024-1770

Home page URL

Security reports for Meta Tag Manager

Application

Meta Tag Manager

Published on
Mar 28, 2024
Research Description
The Meta Tag Manager plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.2 via deserialization of untrusted input in the get_post_data function. This makes it possible for authenticated attackers, with contributor access or higher, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
Affected versions
max 3.1.
Status
vulnerable
Previous vulnerability researches
Meta Tag Manager (CVE-2025-5983) , Apr 23, 2026
Meta Tag Manager (CVE-2024-1770) , Jun 07, 2024
Meta Tag Manager (b0fcad47c22dee0f54e7ea6d2c9aa64411cb16dc) , Jun 07, 2024
Meta Tag Manager (CVE-2025-22260) , Feb 03, 2025
New vulnerability
Ni WooCommerce Order Export (CVE-2026-4140) , Apr 24, 2026
Slider Bootstrap Carousel (CVE-2026-4076) , Apr 24, 2026
Popup Builder – Create highly converting, mobile friendly marketing popups. (CVE-2025-9856) , Apr 24, 2026
MaxiBlocks Free Page Builder & Template Library (CVE-2025-58968) , Apr 24, 2026
POST SMTP – The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications (CVE-2025-9219) , Apr 24, 2026