
CVE-2022-1961: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in duracelltomi GTM4WP

Severity: Medium
Tags: Vulnerability, CVE-2022-1961, cve, cve-2022-1961, cwe-79
Published: Mon Jun 13 2022 (06/13/2022, 13:11:47 UTC)
Source: CVE
Vendor/Project: duracelltomi
Product: GTM4WP

Description

The Google Tag Manager for WordPress (GTM4WP) plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the `gtm4wp-options[scroller-contentid]` parameter found in the `~/public/frontend.php` file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.15.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.

AI-Powered Analysis

Last updated: 07/06/2025, 22:56:50 UTC

Technical Analysis

CVE-2022-1961 is a medium severity Stored Cross-Site Scripting (XSS) vulnerability affecting the Google Tag Manager for WordPress (GTM4WP) plugin developed by duracelltomi. The vulnerability arises from improper neutralization of input during web page generation (CWE-79). Specifically, the plugin fails to sufficiently escape the `gtm4wp-options[scroller-contentid]` parameter in the `~/public/frontend.php` file. This flaw allows an attacker with administrative privileges on a WordPress site to inject arbitrary JavaScript code that is stored and later executed in the context of users visiting the site.

The vulnerability affects all versions up to and including 1.15.1 and is particularly relevant in multi-site WordPress installations or sites where the `unfiltered_html` capability is disabled for administrators, limiting their ability to insert raw HTML. The CVSS v3.1 base score is 5.5 (medium), reflecting that the attack requires high privileges (administrative access) but no user interaction, and can impact confidentiality and integrity by enabling script injection and potential session hijacking or privilege escalation within the site.

No known exploits are reported in the wild as of the publication date. The vulnerability’s scope is limited to sites using the GTM4WP plugin with the affected versions and configurations, but given WordPress’s widespread use in Europe, the risk is non-negligible for organizations relying on this plugin for tag management and analytics integration.

Potential Impact

For European organizations, this vulnerability could lead to unauthorized script execution within their WordPress sites, potentially compromising user data confidentiality and site integrity. Attackers with administrative access could leverage this flaw to inject malicious scripts that steal session cookies, perform actions on behalf of users, or deface websites. This can damage organizational reputation, lead to data breaches, and disrupt business operations. Since many European organizations use WordPress for corporate websites, e-commerce, and communication portals, exploitation could affect customer trust and regulatory compliance, especially under GDPR where data breaches must be reported. Multi-site WordPress installations, common in large enterprises and educational institutions, are particularly at risk. The vulnerability does not directly affect availability but could indirectly cause downtime if remediation or incident response is required.

Mitigation Recommendations

To mitigate this vulnerability, organizations should immediately update the GTM4WP plugin to a version later than 1.15.1 where the issue is fixed. If an update is not immediately possible, administrators should restrict administrative access strictly to trusted personnel and review user roles to minimize the number of users with high privileges. Additionally, implementing a Web Application Firewall (WAF) with rules to detect and block suspicious script injection attempts targeting the vulnerable parameter can reduce risk. Regular security audits and monitoring of plugin activity logs for unusual behavior are recommended. For multi-site installations, ensure that the `unfiltered_html` capability is carefully managed and consider additional input validation or sanitization plugins to complement the default WordPress security. Finally, organizations should educate administrators about the risks of stored XSS and safe plugin management practices.
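The version check and the review of the stored setting recommended above can be scripted across sites. This is an added example, not code from the advisory or from the GTM4WP project. It assumes each site's plugin options were exported as JSON (for instance with WP-CLI's `wp option get ... --format=json`) and that the `scroller-contentid` setting is meant to hold a plain element id; the site names and values are constructed.

```python
import json
import re

AFFECTED_MAX = (1, 15, 1)   # advisory: versions up to and including 1.15.1
OPTION_KEY = "scroller-contentid"   # parameter named in the advisory
# Assumption: the setting should hold a DOM element id, so a strict allowlist fits.
SAFE_ID = re.compile(r"[A-Za-z][A-Za-z0-9_:.\-]*")

# Constructed sample: (site, installed plugin version, exported options JSON).
SAMPLE = [
    ("site-a.example", "1.15.1", '{"scroller-contentid": "content"}'),
    ("site-b.example", "1.15.1", '{"scroller-contentid": "content\\"><i>x</i>"}'),
    ("site-c.example", "1.16", '{"scroller-contentid": "main"}'),
]


def parse_version(text):
    """Turn '1.15.1' into (1, 15, 1); missing or non-numeric parts count as 0."""
    parts = []
    for piece in text.strip().split("."):
        digits = re.match(r"\d+", piece)
        parts.append(int(digits.group()) if digits else 0)
    parts += [0] * (3 - len(parts))
    return tuple(parts)


def audit_site(name, plugin_version, options_json):
    """Return findings for one site's plugin version and stored setting."""
    findings = []
    if parse_version(plugin_version) <= AFFECTED_MAX:
        findings.append(f"{name}: GTM4WP {plugin_version} is in the affected range")
    try:
        options = json.loads(options_json)
    except json.JSONDecodeError:
        return findings + [f"{name}: options export is not valid JSON"]
    value = options.get(OPTION_KEY, "") if isinstance(options, dict) else ""
    if value and not (isinstance(value, str) and SAFE_ID.fullmatch(value)):
        findings.append(f"{name}: {OPTION_KEY} is not a plain element id: {value!r}")
    return findings


def audit_all(sites):
    """Run audit_site over every (name, version, json) tuple."""
    return [f for site in sites for f in audit_site(*site)]


if __name__ == "__main__":
    for finding in audit_all(SAMPLE):
        print(finding)
```

A finding on the stored value is a prompt to review who changed the setting and when, since only an administrator can write it.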


Technical Details

Data Version: 5.1
Assigner Short Name: Wordfence
Date Reserved: 2022-05-31T00:00:00.000Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682d981ec4522896dcbdbcf6

Added to database: 5/21/2025, 9:08:46 AM

Last enriched: 7/6/2025, 10:56:50 PM

Last updated: 7/26/2025, 4:52:40 PM
