Conversios
0 remedies
cpe:2.3:a:conversios:conversios:*:*:*:*:wordpress:*:*
0 remedies
- <= 7.1.0
Conversios Google Analytics 4 and Meta Pixel Integration for WooCommerce Reflected Cross-Site Scripting Vulnerability
Vulnerability
A reflected cross-site scripting vulnerability has been identified in the Conversios Google Analytics 4, Meta Pixel, and other integrations via Google Tag Manager for WooCommerce plugin, all versions up to and including 7.1.0. The vulnerability arises from inadequate input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts. These scripts could be executed if the attacker successfully persuades a user to perform an action, such as clicking a link.
Impact
Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can inject and execute malicious scripts in the context of the user's browser.
Reproduction
To reproduce this vulnerability, send a request to the WordPress site with the 'tiktok_user_id' parameter included. The injected script will be executed if the user clicks on a link that contains the malicious payload.
Added: May 15, 2026, 8:17 AM
Updated: May 15, 2026, 8:17 AM
Vulnerability Rating
Custom Algorithm
spread
1.0impact
1.7exploitability
7.4remediation
0.0relevance
0.0threat
4.8urgency
2.9incentive
0.0Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.