gtm4wp CVE Vulnerabilities & CVE List (2)

Products (CPE): — CVEs: 2

gtm4wp vulnerability overview

This page aggregates publicly disclosed CVE and security risk information related to gtm4wp, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.

Vulnerability distribution trend (last 24 months)

Showing 12 of 2 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2022-1961 The Google Tag Manager for WordPress (GTM4WP) plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the `gtm4wp-options[scroller-contentid]` parameter found in the `~/public/frontend.php` file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.15.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. [email protected] 5.5 1.07% 2022-06-13 2026-06-17
CVE-2022-1707 The Google Tag Manager for WordPress plugin for WordPress is vulnerable to reflected Cross-Site Scripting via the s parameter due to the site search populating into the data layer of sites with insufficient sanitization in versions up to an including 1.15. The affected file is ~/public/frontend.php and this could be exploited by unauthenticated attackers. [email protected] 6.1 88.91% 2022-06-13 2026-06-17
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence