CVE-2022-1707
⚪ For information
Reflected Cross-Site Scripting in the Google Tag Manager plugin for WordPress allows attackers to execute scripts.
CVSS
6.1
EPSS
16.2%
Exploit
none
Vendor
gtm4wp
Source description (NVD)
The Google Tag Manager for WordPress plugin for WordPress is vulnerable to reflected Cross-Site Scripting via the s parameter due to the site search populating into the data layer of sites with insufficient sanitization in versions up to and including 1.15. The affected file is ~/public/frontend.php and this could be exploited by unauthenticated attackers.
xss
No patch
Sources and dates
| Source | Value |
|---|---|
| NVD – CVSS | 6.1 |
| CISA KEV (actively exploited) | No |
| FIRST EPSS (exploit probability) | 16.2% |
| Published (NVD) | 2022-06-13 13:15:11 UTC |
| Last modified (NVD) | 2026-04-08 17:16:43 UTC |
References
- https://github.com/duracelltomi/gtm4wp/blob/1.15/public/frontend.php#L298 (security@wordfence.com) [Product]
- https://github.com/duracelltomi/gtm4wp/blob/1.15/public/frontend.php#L782 (security@wordfence.com) [Product]
- https://github.com/duracelltomi/gtm4wp/issues/224 (security@wordfence.com) [Issue Tracking]
- https://www.wordfence.com/threat-intel/vulnerabilities/id/0435ae14-c1fd-4611-acbe-5f3bafd4bb6a?source=cve (security@wordfence.com) [Third Party Advisory]
- https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1707 (security@wordfence.com) [Third Party Advisory]