CVE-2022-1961 Information

Description

The Google Tag Manager for WordPress (GTM4WP) plugin, in versions up to and including 1.15.1, is vulnerable to Stored Cross-Site Scripting due to insufficient escaping of the gtm4wp-options[scroller-contentid] parameter in the ~/public/frontend.php file, which allows attackers with administrative user access to inject arbitrary web scripts. This affects multi-site installations where unfiltered_html is disabled for administrators, and single sites where unfiltered_html has been disabled.

Reference

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2732977%40duracelltomi-google-tag-manager&new=2732977%40duracelltomi-google-tag-manager&sfp_email=&sfph_mail=

https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1961

https://gist.github.com/Xib3rR4dAr/02a21cd0ea0b7bf586131c5eebb69f1d