228 matches found
CVE-2024-37447
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in PixelYourSite PixelYourSite – Your smart PIXEL TAG Manager allows Stored XSS.This issue affects PixelYourSite – Your smart PIXEL TAG Manager: from n/a through 9.6.1.1...
CVE-2024-6288
The Conversios – Google Analytics 4 GA4, Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tiktokuserid’ parameter in all versions up to, and including, 7.1.0 due to insufficient input sanitization and output...
New Case Study: Unmanaged GTM Tags Become a Security Nightmare
Are your tags really safe with Google Tag Manager? If you've been thinking that using GTM means that your tracking tags and pixels are safely managed, then it might be time to think again. In this article we look at how a big-ticket seller that does business on every continent came unstuck when i...
PT-2024-22385 · WordPress · Wordpress Tag/Category Manager – Ai Autotagger
Name of the Vulnerable Software and Affected Versions: The WordPress Tag and Category Manager – AI Autotagger plugin for WordPress versions up to, and including, 3.13.0 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin...
WordPress Tag and Category Manager – AI Autotagger < 3.20.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The WordPress Tag and Category Manager – AI Autotagger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sttagcloud' shortcode in all versions up to, and including, 3.13.0 due to insufficient input sanitization and output escaping on user supplied...
CVE-2024-1770 Meta Tag Manager <= 3.0.2 - Authenticated (Subscriber+) PHP Object Injection
The Meta Tag Manager plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.2 via deserialization of untrusted input in the getpostdata function. This makes it possible for authenticated attackers, with contributor access or higher, to inject a PHP...
CVE-2024-1770
CVE-2024-1770 affects the Meta Tag Manager plugin for WordPress (vulnerable up to 3.0.2). It enables PHP Object Injection via deserialization in get_post_data, requiring at least Contributor+ authentication. The vulnerability can allow an authenticated attacker to inject a PHP object; the initial...
WordPress Meta Tag Manager Plugin <= 3.0.2 is vulnerable to PHP Object Injection
Software Meta Tag Manager Type Plugin Vulnerable versions = 3.0.2 Fixed in 3.1 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-1770 Patch priority Medium CVSS severity Medium 8.5 Developer Claim ownership PSID e36fbb9c63ac Credits Francesco Carlucci Required privilege...
WordPress Plugin Meta Tag Manager 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
CVE-2024-1203
The Conversios – Google Analytics 4 GA4, Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'valueData' parameter in all versions up to, and including, 6.9.1 due to insufficient escaping on the user supplied parameter and lack of...
CVE-2024-1203
The Conversios – Google Analytics 4 GA4, Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'valueData' parameter in all versions up to, and including, 7.0.7 due to insufficient escaping on the user supplied parameter and lack of...
CVE-2024-1203 Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce <= 7.0.7 - Authenticated (Subscriber+) SQL Injection
The Conversios – Google Analytics 4 GA4, Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'valueData' parameter in all versions up to, and including, 7.0.7 due to insufficient escaping on the user supplied parameter and lack of...
CVE-2024-1203 Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce <= 7.0.7 - Authenticated (Subscriber+) SQL Injection
The Conversios – Google Analytics 4 GA4, Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'valueData' parameter in all versions up to, and including, 7.0.7 due to insufficient escaping on the user supplied parameter and lack of...
BIT-MOODLE-2020-25628
The filter in the tag manager required extra sanitizing to prevent a reflected XSS risk. This affects 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. Fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14...
BIT-DISCOURSE-2023-37467
Discourse is an open source discussion platform. Prior to version 3.1.0.beta7 of the beta and tests-passed branches, a CSP Content Security Policy nonce reuse vulnerability was discovered could allow cross-site scripting XSS attacks to bypass CSP protection for anonymous i.e. unauthenticated user...
CVE-2024-0786
The Conversios – Google Analytics 4 GA4, Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the eesyncProductCategory function using the parameters conditionData, valueData, productArray, exclude and include in all versions ...
CVE-2024-0786
The Conversios – Google Analytics 4 GA4, Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the eesyncProductCategory function using the parameters conditionData, valueData, productArray, exclude and include in all versions ...
Sql injection
The Conversios – Google Analytics 4 GA4, Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the eesyncProductCategory function using the parameters conditionData, valueData, productArray, exclude and include in all versions ...
CVE-2024-0786
Technical details about CVE-2024-0786 are not publicly provided in the connected documents. Monitor for updates from vendors/security advisories.
CVE-2024-0786 Conversios <= 7.0.7 - Authenticated (Subscriber+) SQL Injection via ee_syncProductCategory
The Conversios – Google Analytics 4 GA4, Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the eesyncProductCategory function using the parameters conditionData, valueData, productArray, exclude and include in all versions ...