Lucene search
K

228 matches found

OSV
OSV
added 2024/07/21 11:15 p.m.4 views

CVE-2024-37447

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in PixelYourSite PixelYourSite – Your smart PIXEL TAG Manager allows Stored XSS.This issue affects PixelYourSite – Your smart PIXEL TAG Manager: from n/a through 9.6.1.1...

4.8CVSS5.8AI score0.0026EPSS
Exploits0References1
NVD
NVD
added 2024/06/28 7:15 a.m.18 views

CVE-2024-6288

The Conversios – Google Analytics 4 GA4, Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tiktokuserid’ parameter in all versions up to, and including, 7.1.0 due to insufficient input sanitization and output...

4.7CVSS0.00421EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2024/06/19 11:3 a.m.40 views

New Case Study: Unmanaged GTM Tags Become a Security Nightmare

Are your tags really safe with Google Tag Manager? If you've been thinking that using GTM means that your tracking tags and pixels are safely managed, then it might be time to think again. In this article we look at how a big-ticket seller that does business on every continent came unstuck when i...

6.9AI score
Exploits0
Positive Technologies
Positive Technologies
added 2024/04/04 12:0 a.m.6 views

PT-2024-22385 · WordPress · Wordpress Tag/Category Manager – Ai Autotagger

Name of the Vulnerable Software and Affected Versions: The WordPress Tag and Category Manager – AI Autotagger plugin for WordPress versions up to, and including, 3.13.0 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin...

6.4CVSS9.3AI score0.00449EPSS
Exploits0References6
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.20 views

WordPress Tag and Category Manager – AI Autotagger < 3.20.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The WordPress Tag and Category Manager – AI Autotagger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sttagcloud' shortcode in all versions up to, and including, 3.13.0 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS5.9AI score0.00449EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/03/28 2:4 a.m.19 views

CVE-2024-1770 Meta Tag Manager <= 3.0.2 - Authenticated (Subscriber+) PHP Object Injection

The Meta Tag Manager plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.2 via deserialization of untrusted input in the getpostdata function. This makes it possible for authenticated attackers, with contributor access or higher, to inject a PHP...

8.8CVSS7.5AI score0.00813EPSS
Exploits0References2
CVE
CVE
added 2024/03/28 2:4 a.m.62 views

CVE-2024-1770

CVE-2024-1770 affects the Meta Tag Manager plugin for WordPress (vulnerable up to 3.0.2). It enables PHP Object Injection via deserialization in get_post_data, requiring at least Contributor+ authentication. The vulnerability can allow an authenticated attacker to inject a PHP object; the initial...

8.8CVSS9.3AI score0.00813EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/03/28 12:0 a.m.9 views

WordPress Meta Tag Manager Plugin <= 3.0.2 is vulnerable to PHP Object Injection

Software Meta Tag Manager Type Plugin Vulnerable versions = 3.0.2 Fixed in 3.1 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-1770 Patch priority Medium CVSS severity Medium 8.5 Developer Claim ownership PSID e36fbb9c63ac Credits Francesco Carlucci Required privilege...

8.8CVSS6.8AI score0.00813EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2024/03/28 12:0 a.m.4 views

WordPress Plugin Meta Tag Manager 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

8.8CVSS8.3AI score0.00813EPSS
Exploits0References3
OSV
OSV
added 2024/03/13 4:15 p.m.7 views

CVE-2024-1203

The Conversios – Google Analytics 4 GA4, Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'valueData' parameter in all versions up to, and including, 6.9.1 due to insufficient escaping on the user supplied parameter and lack of...

8.8CVSS7.3AI score0.00828EPSS
Exploits0References2
NVD
NVD
added 2024/03/13 4:15 p.m.35 views

CVE-2024-1203

The Conversios – Google Analytics 4 GA4, Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'valueData' parameter in all versions up to, and including, 7.0.7 due to insufficient escaping on the user supplied parameter and lack of...

8.8CVSS8.7AI score0.00828EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/03/13 3:26 p.m.14 views

CVE-2024-1203 Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce <= 7.0.7 - Authenticated (Subscriber+) SQL Injection

The Conversios – Google Analytics 4 GA4, Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'valueData' parameter in all versions up to, and including, 7.0.7 due to insufficient escaping on the user supplied parameter and lack of...

8.8CVSS7.2AI score0.00828EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/03/13 3:26 p.m.53 views

CVE-2024-1203 Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce <= 7.0.7 - Authenticated (Subscriber+) SQL Injection

The Conversios – Google Analytics 4 GA4, Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'valueData' parameter in all versions up to, and including, 7.0.7 due to insufficient escaping on the user supplied parameter and lack of...

8.8CVSS8.8AI score0.00828EPSS
Exploits0References3
OSV
OSV
added 2024/03/06 11:11 a.m.15 views

BIT-MOODLE-2020-25628

The filter in the tag manager required extra sanitizing to prevent a reflected XSS risk. This affects 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. Fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14...

6.1CVSS6AI score0.00973EPSS
Exploits0References3
OSV
OSV
added 2024/03/06 10:56 a.m.27 views

BIT-DISCOURSE-2023-37467

Discourse is an open source discussion platform. Prior to version 3.1.0.beta7 of the beta and tests-passed branches, a CSP Content Security Policy nonce reuse vulnerability was discovered could allow cross-site scripting XSS attacks to bypass CSP protection for anonymous i.e. unauthenticated user...

6.8CVSS5.8AI score0.00316EPSS
Exploits0References2
NVD
NVD
added 2024/02/28 9:15 a.m.28 views

CVE-2024-0786

The Conversios – Google Analytics 4 GA4, Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the eesyncProductCategory function using the parameters conditionData, valueData, productArray, exclude and include in all versions ...

8.8CVSS8.7AI score0.00701EPSS
Exploits0References3
OSV
OSV
added 2024/02/28 9:15 a.m.6 views

CVE-2024-0786

The Conversios – Google Analytics 4 GA4, Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the eesyncProductCategory function using the parameters conditionData, valueData, productArray, exclude and include in all versions ...

6.5CVSS7.3AI score0.00701EPSS
Exploits0References2
Prion
Prion
added 2024/02/28 9:15 a.m.17 views

Sql injection

The Conversios – Google Analytics 4 GA4, Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the eesyncProductCategory function using the parameters conditionData, valueData, productArray, exclude and include in all versions ...

6.5CVSS7.6AI score0.00701EPSS
Exploits0References2
CVE
CVE
added 2024/02/28 8:33 a.m.110 views

CVE-2024-0786

Technical details about CVE-2024-0786 are not publicly provided in the connected documents. Monitor for updates from vendors/security advisories.

8.8CVSS7.2AI score0.00701EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2024/02/28 8:33 a.m.47 views

CVE-2024-0786 Conversios <= 7.0.7 - Authenticated (Subscriber+) SQL Injection via ee_syncProductCategory

The Conversios – Google Analytics 4 GA4, Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the eesyncProductCategory function using the parameters conditionData, valueData, productArray, exclude and include in all versions ...

8.8CVSS8.9AI score0.00701EPSS
Exploits0References3
Rows per page
Query Builder