VYPR

Google Tag Manager for WordPress (GTM4WP)

by WordPress

CVEs (2)

  • CVE-2022-1707MedJun 13, 2022
    risk 0.40cvss 6.1epss 0.90

    The Google Tag Manager for WordPress plugin for WordPress is vulnerable to reflected Cross-Site Scripting via the s parameter due to the site search populating into the data layer of sites with insufficient sanitization in versions up to an including 1.15. The affected file is…

  • CVE-2022-1961MedJun 13, 2022
    risk 0.36cvss 5.5epss 0.01

    The Google Tag Manager for WordPress (GTM4WP) plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the `gtm4wp-options[scroller-contentid]` parameter found in the `~/public/frontend.php` file which allowed attackers with administrative user access…