60 matches found
WordPress Tracking Code Manager Plugin <= 2.1.0 is vulnerable to Broken Access Control
Software: Tracking Code Manager; Type: Plugin; Vulnerable versions: <= 2.1.0; Fixed in: 2.2.0; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-31347; Patch priority: Low; CVSS severity: Low (4.3); Developer: Claim ownership; PSID: 51665fb13771; Credits: Abdi Pranata; Required...
CVE-2024-2579
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Data443 Tracking Code Manager. This issue affects Tracking Code Manager: from n/a through 2.0.16...
CVE-2024-2579 WordPress Tracking Code Manager plugin <= 2.0.16 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Data443 Tracking Code Manager. This issue affects Tracking Code Manager: from n/a through 2.0.16...
CVE-2024-2579
CVE-2024-2579 — WordPress Tracking Code Manager: Cross-Site Scripting due to improper input neutralization in Tracking Code Manager, versions n/a through 2.0.16. Root cause: lack of proper input handling during web page generation. Impact: XSS risk for sites using the vulnerable plugin (severity ...
PT-2024-21136 · Data443 · Data443 Tracking Code Manager
Name of the Vulnerable Software and Affected Versions: Data443 Tracking Code Manager versions n/a through 2.0.16 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for the injection of malicious scripts...
WordPress Plugin Tracking Code Manager Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...
WordPress Tracking Code Manager Plugin <= 2.0.16 is vulnerable to Cross Site Scripting (XSS)
Software: Tracking Code Manager; Type: Plugin; Vulnerable versions: <= 2.0.16; Fixed in: 2.1.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2579; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership; PSID: 5ffb225ee347; Credits: Joshua Chan; Required privilege...
FeedFocal <= 1.2.2 - Unauthenticated Tracking Code Update
Description The plugin is lacking authorisation checks in its feedfocalapisetup function, allowing unauthenticated attackers to update the Tracking Code via the feedfocalsurveycode option...
CVE-2023-5715
The Website Optimization – Plerdy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's tracking code settings in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
WordPress Plugin Website Optimization - Plerdy Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
Analytics for WP <= 1.5.1 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup. 1. In the Settings page of this plugin, in the bo...
Tracking Code Manager <= 1.11.1 - Authenticated XSS, CSRF & DoS
The Tracking Code Manager WordPress plugin was affected by an Authenticated XSS, CSRF & DoS security vulnerability...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in tracking_code.admin.inc in the Tracking Code module 7.x-1.x before 7.x-1.6 for Drupal allows remote attackers to hijack the authentication of administrators for requests that disable tracking codes via unspecified vectors...
CVE-2015-4362
The CVE-2015-4362 vulnerability affects the Drupal Tracking Code module (7.x-1.x) prior to 7.x-1.6. It is a CSRF flaw in tracking_code.admin.inc that could allow an attacker to hijack an administrator’s session to disable tracking codes. The fixed version is 7.x-1.6. If using this module on Drupa...
CVE-2015-4362
Cross-site request forgery (CSRF) vulnerability in tracking_code.admin.inc in the Tracking Code module 7.x-1.x before 7.x-1.6 for Drupal allows remote attackers to hijack the authentication of administrators for requests that disable tracking codes via unspecified vectors...
Drupal Tracking Code module cross-site request forgery vulnerability
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community. Tracking Code is one of the code tracking modules. A cross-site request forgery vulnerability exists in the Drupal Tracking Code module. A remote attacker can exploit this vulnerability...
SA-CONTRIB-2015-066 - Tracking Code - Cross Site Request Forgery (CSRF)
Tracking Code module allows you to create tracking code snippets and control their visibility. The module doesn't sufficiently protect some URLs against CSRF. A malicious user can cause an administrator to disable tracking codes by getting their browser to make a request to a specially-crafted UR...
Google, Advertising Companies, Found Bypassing Safari Privacy Settings
Google and several other advertising companies have allegedly been evading the privacy controls of Apple’s Safari browser by placing a special kind of tracking code on a handful of sites, according to new research done by Stanford grad student Jonathan Mayer. To follow up on Mayer’s work,...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in the clickthrough tracking functionality in the Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that increase node rankings via the...