Tracking Code Manager, CVE-2024-10309

CVE, Research URL: CVE-2024-10309
Home page URL: Security reports for Tracking Code Manager
Application: Tracking Code Manager
Published on: Jan 30, 2025
Research Description: The Tracking Code Manager WordPress plugin before 2.4.0 does not sanitise and escape some of its metabox settings when outputing them in the page, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.
Affected versions: max 2.4.0.
Status: vulnerable