WordPress Plugin Vulnerabilities

WP Google Tag Manager <= 1.1 - Cross-Site Request Forgery (CSRF)

Description

The plugin does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to perform actions on their behalf by tricking a logged in administrator to submit a crafted request.

Affects Plugins

Plugin icon
wp-google-tag-manager
No known fix

References

CVE
CVE-2023-22693
URL
https://patchstack.com/database/vulnerability/wp-google-tag-manager/wordpress-wp-google-tag-manager-plugin-1-1-cross-site-request-forgery-csrf-vulnerability

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Mika
Verified
No
WPVDB ID
1f4f84cc-d36a-475c-b409-9a26d20ba4d0

Timeline

Publicly Published
2023-02-27 (about 3 years ago)
Added
2023-05-29 (about 2 years ago)
Last Updated
2023-05-29 (about 2 years ago)

Other

Published
Title
Published
2023-06-26
Title
WooCommerce Google Sheet Connector < 1.3.6 - Access Code Update via CSRF
Published
2025-05-07
Title
WP Hotel Booking < 2.2.0 - Cross-Site Request Forgery
Published
2025-04-09
Title
Interactive US Map <= 2.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2022-09-23
Title
3dady Real Time Web Stats <= 1.0 - Stored Cross-Site Scripting via CSRF
Published
2025-01-24
Title
Taxonomy/Term and Role based Discounts for WooCommerce < 5.2 - Cross-Site Request Forgery to Settings Update