CVE-2022-1707

The Google Tag Manager for WordPress plugin for WordPress is vulnerable to reflected Cross-Site Scripting via the s parameter due to the site search populating into the data layer of sites with insufficient sanitization in versions up to an including 1.15. The affected file is ~/public/frontend.php and this could be exploited by unauthenticated attackers.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:gtm4wp:google_tag_manager:*:*:*:*:*:wordpress:*:*

Information

Published : 2022-06-13 06:15

Updated : 2022-06-17 16:23


NVD link : CVE-2022-1707

Mitre link : CVE-2022-1707


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

gtm4wp

  • google_tag_manager