cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-1961,https://securityvulnerability.io/vulnerability/CVE-2022-1961,Stored Cross-Site Scripting Vulnerability in Google Tag Manager for WordPress,"The Google Tag Manager for WordPress (GTM4WP) plugin contains a vulnerability that allows administrators to inject arbitrary web scripts due to insufficient escaping in the 'gtm4wp-options[scroller-contentid]' parameter within the 'frontend.php' file. This issue primarily impacts multi-site installations where the unfiltered_html capability is disabled for administrators and specific sites that restrict this capability, potentially allowing attackers to exploit the vulnerability when administrative access is gained.",Wordpress,Gtm4WP,5.5,MEDIUM,0.0011500000255182385,false,,false,false,false,,false,false,2022-06-13T13:11:47.000Z,0
CVE-2022-1707,https://securityvulnerability.io/vulnerability/CVE-2022-1707,Google Tag Manager for WordPress (GTM4WP) <= 1.15 - Reflected Cross-Site Scripting via site search,The Google Tag Manager for WordPress plugin for WordPress is vulnerable to reflected Cross-Site Scripting via the s parameter due to the site search populating into the data layer of sites with insufficient sanitization in versions up to an including 1.15. The affected file is ~/public/frontend.php and this could be exploited by unauthenticated attackers.,Wordpress,Gtm4WP,6.1,MEDIUM,0.0033100000582635403,false,,false,false,false,,false,false,2022-06-13T12:45:36.000Z,0