Vulnerabilities > Gtm4Wp

DATE CVE VULNERABILITY TITLE RISK
2022-06-13 CVE-2022-1961 Cross-site Scripting vulnerability in Gtm4Wp Google TAG Manager
The Google Tag Manager for WordPress (GTM4WP) plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the `gtm4wp-options[scroller-contentid]` parameter found in the `~/public/frontend.php` file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.15.1.
network
low complexity
gtm4wp CWE-79
4.8
2022-06-13 CVE-2022-1707 Cross-site Scripting vulnerability in Gtm4Wp Google TAG Manager
The Google Tag Manager for WordPress plugin for WordPress is vulnerable to reflected Cross-Site Scripting via the s parameter due to the site search populating into the data layer of sites with insufficient sanitization in versions up to an including 1.15.
network
low complexity
gtm4wp CWE-79
6.1