4 matches found
Cross site scripting
The Google Tag Manager for WordPress (GTM4WP) plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the gtm4wp-options[scroller-contentid] parameter found in the /public/frontend.php file which allowed attackers with administrative user access to inject arbitrary web...
CVE-2022-1961
The CVE-2022-1961 issue affects the WordPress GTM4WP (Google Tag Manager for WordPress) plugin. The vulnerability is a Stored XSS in the gtm4wp-options[scroller-contentid] parameter in ~/public/frontend.php, exploitable by attackers with administrative privileges. Affected releases are GTM4WP ver...
WordPress GTM4WP plugin <= 1.15.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Muhammad Zeeshan (Xib3rR4dAr) in WordPress GTM4WP plugin versions <= 1.15.1. Solution: Update the WordPress GTM4WP plugin to the latest available version (at least 1.15.2)...
GTM4WP < 1.15.2 - Admin+ Stored Cross-Site Scripting
The plugin does not properly escape the Content Element ID settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when unfiltered_html is disallowed (for example, multisite setups)...