6 matches found
WordPress VDZ Google Analytics or Google Tag Manager / GTM plugin <= 1.4.7 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress VDZ Google Analytics or Google Tag Manager / GTM plugin versions <= 1.4.7. Solution: Update the WordPress VDZ Google Analytics or Google Tag Manager / GTM plugin to the latest available version, at least 1.4.9...
VDZ Google Analytics or Google Tag Manager / GTM < 1.4.9 - Authenticated Stored XSS
The plugin does not properly sanitise or escape some of its settings, allowing high privilege users such as admin to perform XSS attacks even when the unfiltered_html capability is disallowed. PoC: Put the following payloads in the Google Analytics ID settings of the plugin...
WordPress VDZ Google Analytics or Google Tag Manager / GTM plugin <= 1.5.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by WPScanTeam in WordPress VDZ Google Analytics or Google Tag Manager / GTM plugin versions <= 1.5.5. Solution: Update the WordPress VDZ Google Analytics or Google Tag Manager / GTM plugin to the latest available version at leas...
VDZ Verification < 1.4 - Authenticated Stored XSS
The plugin does not sanitise its Meta Tag settings, allowing high privilege users such as admin to perform XSS attacks even when the unfiltered_html capability is disallowed. PoC: Put the following payload in any of the Meta Tag fields in the plugin's Settings...
VDZ Verification < 1.4 - Authenticated Stored XSS
The plugin does not sanitise its Meta Tag settings, allowing high privilege users such as admin to perform XSS attacks even when the unfiltered_html capability is disallowed. Put the following payload in any of the Meta Tag fields in the plugin's Settings...
VDZ CallBack < 1.14.6 - Authenticated Stored XSS
The plugin does not properly sanitise or escape some of its settings, allowing high privilege users such as admin to perform XSS attacks even when the unfiltered_html capability is disallowed. Put the following payload in the Title setting of the plugin...