CVE-2022-1961 - Vulnerability Details - OpenCVE

The Google Tag Manager for WordPress (GTM4WP) plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the `gtm4wp-options[scroller-contentid]` parameter found in the `~/public/frontend.php` file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.15.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Gtm4wp	Google Tag Manager

Configuration 1 [-]

cpe:2.3:a:gtm4wp:google_tag_manager:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://gist.github.com/Xib3rR4dAr/02a21cd0ea0b7bf586131c5eebb69f1d
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2732977%40duracelltomi-google-tag-manager&new=2732977%40duracelltomi-google-tag-manager&sfp_email=&sfph_mail=
https://wordpress.org/plugins/duracelltomi-google-tag-manager/#developers
https://www.wordfence.com/threat-intel/vulnerabilities/id/202c14d0-9207-47cb-9410-ca4c70d7b6d2?source=cve
https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1961

History

Mon, 05 May 2025 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2022-06-13T13:11:47.000Z

Updated: 2025-05-05T16:40:29.109Z

Reserved: 2022-05-31T00:00:00.000Z

Link: CVE-2022-1961

Vulnrichment

Updated: 2024-08-03T00:24:44.045Z

NVD

Status : Modified

Published: 2022-06-13T14:15:08.843

Modified: 2025-05-05T17:17:36.797

Link: CVE-2022-1961

Redhat

No data.

{"containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2023-10-20T15:06:03.592Z"}, "affected": [{"vendor": "duracelltomi", "product": "GTM4WP", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "1.15.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Google Tag Manager for WordPress (GTM4WP) plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the `gtm4wp-options[scroller-contentid]` parameter found in the `~/public/frontend.php` file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.15.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled."}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/202c14d0-9207-47cb-9410-ca4c70d7b6d2?source=cve"}, {"url": "https://gist.github.com/Xib3rR4dAr/02a21cd0ea0b7bf586131c5eebb69f1d"}, {"url": "https://wordpress.org/plugins/duracelltomi-google-tag-manager/#developers"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2732977%40duracelltomi-google-tag-manager&new=2732977%40duracelltomi-google-tag-manager&sfp_email=&sfph_mail="}, {"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1961"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", "baseScore": 5.5, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Muhammad Zeeshan"}], "timeline": [{"time": "2022-05-31T00:00:00.000+00:00", "lang": "en", "value": "Disclosed"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:24:44.045Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/202c14d0-9207-47cb-9410-ca4c70d7b6d2?source=cve", "tags": ["x_transferred"]}, {"url": "https://gist.github.com/Xib3rR4dAr/02a21cd0ea0b7bf586131c5eebb69f1d", "tags": ["x_transferred"]}, {"url": "https://wordpress.org/plugins/duracelltomi-google-tag-manager/#developers", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2732977%40duracelltomi-google-tag-manager&new=2732977%40duracelltomi-google-tag-manager&sfp_email=&sfph_mail=", "tags": ["x_transferred"]}, {"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1961", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-79", "lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-23T13:16:34.944286Z", "id": "CVE-2022-1961", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-05T16:40:29.109Z"}}]}, "cveMetadata": {"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "assignerShortName": "Wordfence", "cveId": "CVE-2022-1961", "datePublished": "2022-06-13T13:11:47.000Z", "dateReserved": "2022-05-31T00:00:00.000Z", "dateUpdated": "2025-05-05T16:40:29.109Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/202c14d0-9207-47cb-9410-ca4c70d7b6d2?source=cve", "tags": ["x_transferred"]}, {"url": "https://gist.github.com/Xib3rR4dAr/02a21cd0ea0b7bf586131c5eebb69f1d", "tags": ["x_transferred"]}, {"url": "https://wordpress.org/plugins/duracelltomi-google-tag-manager/#developers", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2732977%40duracelltomi-google-tag-manager&new=2732977%40duracelltomi-google-tag-manager&sfp_email=&sfph_mail=", "tags": ["x_transferred"]}, {"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1961", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:24:44.045Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-1961", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-23T13:16:34.944286Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-05T13:11:10.609Z"}}], "cna": {"credits": [{"lang": "en", "type": "finder", "value": "Muhammad Zeeshan"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "duracelltomi", "product": "GTM4WP", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "1.15.1"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2022-05-31T00:00:00.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/202c14d0-9207-47cb-9410-ca4c70d7b6d2?source=cve"}, {"url": "https://gist.github.com/Xib3rR4dAr/02a21cd0ea0b7bf586131c5eebb69f1d"}, {"url": "https://wordpress.org/plugins/duracelltomi-google-tag-manager/#developers"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2732977%40duracelltomi-google-tag-manager&new=2732977%40duracelltomi-google-tag-manager&sfp_email=&sfph_mail="}, {"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1961"}], "descriptions": [{"lang": "en", "value": "The Google Tag Manager for WordPress (GTM4WP) plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the `gtm4wp-options[scroller-contentid]` parameter found in the `~/public/frontend.php` file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.15.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2023-10-20T15:06:03.592Z"}}}, "cveMetadata": {"cveId": "CVE-2022-1961", "state": "PUBLISHED", "dateUpdated": "2025-05-05T16:40:29.109Z", "dateReserved": "2022-05-31T00:00:00.000Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2022-06-13T13:11:47.000Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gtm4wp:google_tag_manager:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "4831FBAA-A642-474A-9742-84F68968094D", "versionEndExcluding": "1.15.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Google Tag Manager for WordPress (GTM4WP) plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the `gtm4wp-options[scroller-contentid]` parameter found in the `~/public/frontend.php` file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.15.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled."}, {"lang": "es", "value": "El plugin Google Tag Manager para WordPress (GTM4WP) es vulnerable a un ataque de tipo Cross-Site Scripting Almacenado debido a un escape insuficiente por medio del par\u00e1metro \"gtm4wp-options[scroller-contentid]\" que es encontrado en el archivo \"~/public/frontend.php\" y que permite a atacantes con acceso de usuario administrativo inyectar scripts web arbitrarios, en versiones hasta la 1.15.1 incluy\u00e9ndola. Esto afecta a las instalaciones multisitio en las que unfiltered_html est\u00e1 deshabilitado para los administradores, y a los sitios en los que unfiltered_html est\u00e1 deshabilitado"}], "id": "CVE-2022-1961", "lastModified": "2025-05-05T17:17:36.797", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-06-13T14:15:08.843", "references": [{"source": "security@wordfence.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://gist.github.com/Xib3rR4dAr/02a21cd0ea0b7bf586131c5eebb69f1d"}, {"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2732977%40duracelltomi-google-tag-manager&new=2732977%40duracelltomi-google-tag-manager&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "tags": ["Product", "Release Notes"], "url": "https://wordpress.org/plugins/duracelltomi-google-tag-manager/#developers"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/202c14d0-9207-47cb-9410-ca4c70d7b6d2?source=cve"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1961"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://gist.github.com/Xib3rR4dAr/02a21cd0ea0b7bf586131c5eebb69f1d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2732977%40duracelltomi-google-tag-manager&new=2732977%40duracelltomi-google-tag-manager&sfp_email=&sfph_mail="}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product", "Release Notes"], "url": "https://wordpress.org/plugins/duracelltomi-google-tag-manager/#developers"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/202c14d0-9207-47cb-9410-ca4c70d7b6d2?source=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1961"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}