CVE-2025-23537
📋 TL;DR
This CSRF vulnerability in the WordPress 'Add Custom Google Tag Manager' plugin allows attackers to trick authenticated administrators into executing malicious actions without their consent, leading to stored cross-site scripting (XSS). Attackers can inject malicious scripts that execute in users' browsers when they visit affected pages. This affects all WordPress sites using the plugin version 1.0.3 or earlier.
💻 Affected Systems
- WordPress Add Custom Google Tag Manager Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could inject persistent malicious scripts that steal session cookies, redirect users to phishing sites, or perform actions as authenticated users, potentially compromising the entire WordPress site.
Likely Case
Attackers inject malicious JavaScript that steals administrator session cookies or redirects users to malicious sites, leading to account compromise or site defacement.
If Mitigated
With proper CSRF protections and input validation, the attack would fail, preventing script injection and maintaining site integrity.
🎯 Exploit Status
Exploitation requires tricking an authenticated administrator into clicking a malicious link or visiting a compromised page.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version after 1.0.3
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'Add Custom Google Tag Manager'.
4. Click 'Update Now' if available, or manually update to the latest version.
5. Verify the plugin is updated to a version above 1.0.3.
🔧 Temporary Workarounds
Disable Plugin
Temporarily disable the vulnerable plugin until patched.
wp plugin deactivate add-custom-google-tag-manager
Implement CSRF Tokens
Add CSRF protection to plugin forms if custom modifications are possible.
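The following is an added example of what that CSRF protection looks like in a WordPress admin-post handler; it is not the plugin's own code, and the option key, nonce action, admin_post action and the assumed GTM container ID format are all hypothetical names chosen for illustration.

```php
<?php
// Added example (not the plugin's own code): a WordPress settings form and
// admin-post handler hardened against the CSRF -> stored XSS pattern.
// Assumed names: option 'acgtm_container_id', nonce action 'acgtm_save',
// admin_post action 'acgtm_save_settings'.

// Settings form: wp_nonce_field() emits the per-user, per-action token that
// a cross-site form submission cannot obtain.
function acgtm_render_form() {
    $current = get_option( 'acgtm_container_id', '' );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="acgtm_save_settings">
        <?php wp_nonce_field( 'acgtm_save', 'acgtm_nonce' ); ?>
        <label>GTM container ID
            <input type="text" name="container_id" value="<?php echo esc_attr( $current ); ?>">
        </label>
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

// Handler: each check closes a separate hole. Skipping (1) is the CSRF;
// storing unvalidated input at (3) is what turns it into stored XSS.
function acgtm_save_settings() {
    // 1. CSRF: dies with 403 unless the request carries a valid nonce.
    check_admin_referer( 'acgtm_save', 'acgtm_nonce' );

    // 2. Authorization: a nonce proves intent, not privilege.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }

    // 3. Validation: a GTM container ID has a fixed shape (assumed here as
    //    "GTM-" plus 4-10 uppercase alphanumerics), so reject anything else
    //    instead of trying to strip tags out of arbitrary text.
    $raw = isset( $_POST['container_id'] ) ? wp_unslash( $_POST['container_id'] ) : '';
    if ( ! preg_match( '/^GTM-[A-Z0-9]{4,10}$/', $raw ) ) {
        wp_die( 'Invalid container ID', '', array( 'response' => 400 ) );
    }
    update_option( 'acgtm_container_id', $raw );
    // On output the stored value must still be escaped for its context
    // (esc_js() inside the GTM loader script, esc_attr() in attributes).

    wp_safe_redirect( admin_url( 'options-general.php?page=acgtm&updated=1' ) );
    exit;
}
add_action( 'admin_post_acgtm_save_settings', 'acgtm_save_settings' );
```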
🧯 If You Can't Patch
- Remove the plugin entirely if patching is not possible.
- Restrict administrator access to trusted networks only.
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Installed Plugins for 'Add Custom Google Tag Manager' version 1.0.3 or lower.
Check Version:
wp plugin get add-custom-google-tag-manager --field=version
Verify Fix Applied:
Verify that the plugin version is above 1.0.3 in the WordPress admin panel or via WP-CLI: wp plugin get add-custom-google-tag-manager --field=version.
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to plugin admin endpoints without referrer headers
- Administrator actions from unexpected IP addresses or user-agents
Network Indicators:
- HTTP requests containing malicious script tags or JavaScript payloads to plugin endpoints
SIEM Query:
source="wordpress.log" AND (uri_path="/wp-admin/admin-post.php" OR uri_path CONTAINS "add-custom-google-tag-manager") AND (http_method="POST" AND referrer IS NULL)