Vulnerability Description
The Google Tag Manager for WordPress (GTM4WP) plugin is vulnerable to reflected cross-site scripting via the `s` query parameter: the site-search term is written into the page's data layer with insufficient sanitization in versions up to and including 1.15. The affected file is ~/public/frontend.php (relative to the plugin directory), and the flaw can be exploited by unauthenticated attackers, since a reflected XSS only requires a victim to open a crafted search URL.
CVSS Score
6.1 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gtm4Wp | Google Tag Manager | < 1.15.1 |
Related Weaknesses (CWE)
References
- https://github.com/duracelltomi/gtm4wp/blob/1.15/public/frontend.php#L298 (Product)
- https://github.com/duracelltomi/gtm4wp/blob/1.15/public/frontend.php#L782 (Product)
- https://github.com/duracelltomi/gtm4wp/issues/224 (Issue Tracking)
- https://www.wordfence.com/threat-intel/vulnerabilities/id/0435ae14-c1fd-4611-acb (Third Party Advisory)
- https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1707 (Third Party Advisory)
FAQ
What is CVE-2022-1707?
CVE-2022-1707 is a vulnerability with a CVSS score of 6.1 (MEDIUM). The Google Tag Manager for WordPress (GTM4WP) plugin is vulnerable to reflected cross-site scripting via the `s` query parameter, because the site-search term is written into the page's data layer with insufficient sanitization in versions up to and including 1.15.
How severe is CVE-2022-1707?
CVE-2022-1707 has been rated MEDIUM with a CVSS base score of 6.1/10. See the CVSS Score section above.
Is there a patch for CVE-2022-1707?
Check the references section above for vendor advisories and patch information. Affected products include: Gtm4Wp Google Tag Manager, in versions earlier than 1.15.1; updating the plugin to 1.15.1 or later moves a site out of the affected range.