GTM Kit – Google Tag Manager & GA4 integration Security & Risk Analysis

wordpress.org/plugins/gtm-kit

Google Tag Manager and GA4 integration. Including WooCommerce data for Google Analytics 4 and support for server side GTM.

30K active installs · v2.8.2 · PHP 7.4+ · WP 6.7+ · Updated Feb 17, 2026
Tags: analytics, ga4, google-tag-manager, gtm, woocommerce
Score: 99 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Mar 31, 2025
Safety Verdict

Is GTM Kit – Google Tag Manager & GA4 integration Safe to Use in 2026?

Generally Safe

Score 99/100

GTM Kit – Google Tag Manager & GA4 integration has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Mar 31, 2025 · Updated 1mo ago
Risk Assessment

The gtm-kit v2.8.2 plugin exhibits a generally good security posture with no identified critical or high vulnerabilities in the static analysis or taint analysis. The plugin demonstrates strong adherence to secure coding practices by properly escaping the vast majority of its output and includes nonce and capability checks. The attack surface is also remarkably small, with zero identified entry points, indicating a well-designed interface. The only notable concern from the static analysis is the presence of SQL queries that are not prepared, which can introduce risks of SQL injection if not handled carefully. However, the limited number of such queries and the absence of any taint flows through them mitigate this risk significantly.

The plugin's vulnerability history shows one previously disclosed medium-severity vulnerability, categorized as Exposure of Sensitive Information to an Unauthorized Actor. Crucially, this vulnerability is marked as patched, indicating that the developers are responsive to security issues. The fact that there are no currently unpatched vulnerabilities and no critical or high-severity historical issues further reinforces a positive security outlook. Overall, gtm-kit v2.8.2 appears to be a secure plugin with a responsible development team, although the minor risk associated with unprepared SQL queries warrants continued vigilance.

Key Concerns

  • Raw SQL queries without prepared statements
Vulnerabilities
1

GTM Kit – Google Tag Manager & GA4 integration Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-31001 · medium · 5.3 · Exposure of Sensitive Information to an Unauthorized Actor

GTM Kit <= 2.4.0 - Unauthenticated Sensitive Information Exposure

Mar 31, 2025 · Patched in 2.4.1 (11d)
Code Analysis
Analyzed Mar 16, 2026

GTM Kit – Google Tag Manager & GA4 integration Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 3 (0 prepared)
Unescaped Output: 2 (62 escaped)
Nonce Checks: 1
Capability Checks: 3
File Operations: 3
External Requests: 2
Bundled Libraries: 0

SQL Query Safety

0% prepared · 3 total queries

Output Escaping

97% escaped · 64 total outputs
Attack Surface

GTM Kit – Google Tag Manager & GA4 integration Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 76
action · before_woocommerce_init · inc\main.php:210
action · init · inc\main.php:220
action · plugins_loaded · inc\main.php:222
action · plugins_loaded · inc\main.php:224
action · admin_init · src\Admin\AbstractOptionsPage.php:66
action · admin_menu · src\Admin\AbstractOptionsPage.php:67
action · admin_enqueue_scripts · src\Admin\AbstractOptionsPage.php:68
filter · admin_body_class · src\Admin\AbstractOptionsPage.php:70
action · activated_plugin · src\Admin\AbstractOptionsPage.php:72
action · deactivated_plugin · src\Admin\AbstractOptionsPage.php:73
action · switch_theme · src\Admin\AbstractOptionsPage.php:74
action · rest_api_init · src\Admin\AdminAPI.php:51
action · init · src\Admin\Analytics.php:60
action · gtmkit_send_anonymous_data · src\Admin\Analytics.php:61
action · add_meta_boxes · src\Admin\MetaBox.php:41
action · save_post · src\Admin\MetaBox.php:42
action · init · src\Admin\NotificationsHandler.php:61
action · gtmkit_deactivate · src\Admin\NotificationsHandler.php:62
action · shutdown · src\Admin\NotificationsHandler.php:63
action · admin_init · src\Admin\SetupWizard.php:61
action · admin_menu · src\Admin\SetupWizard.php:62
action · admin_enqueue_scripts · src\Admin\SetupWizard.php:63
action · admin_init · src\Admin\Suggestions.php:77
action · admin_init · src\Admin\Suggestions.php:78
action · admin_init · src\Admin\Suggestions.php:79
action · admin_init · src\Admin\Suggestions.php:80
action · admin_init · src\Admin\Suggestions.php:81
action · admin_init · src\Admin\Suggestions.php:82
action · admin_init · src\Admin\Suggestions.php:83
action · admin_init · src\Admin\Suggestions.php:84
filter · gtmkit_datalayer_content · src\Frontend\BasicDatalayerData.php:57
filter · gtmkit_datalayer_content · src\Frontend\BasicDatalayerData.php:58
action · wp_enqueue_scripts · src\Frontend\Frontend.php:52
action · wp_enqueue_scripts · src\Frontend\Frontend.php:53
action · wp_enqueue_scripts · src\Frontend\Frontend.php:57
action · wp_head · src\Frontend\Frontend.php:59
action · wp_enqueue_scripts · src\Frontend\Frontend.php:63
action · wp_body_open · src\Frontend\Frontend.php:67
action · body_footer · src\Frontend\Frontend.php:69
filter · wp_resource_hints · src\Frontend\Frontend.php:72
filter · rocket_excluded_inline_js_content · src\Frontend\Frontend.php:73
filter · wp_inline_script_attributes · src\Frontend\Frontend.php:74
action · init · src\Frontend\Stape.php:48
filter · gtmkit_datalayer_content · src\Frontend\UserData.php:41
action · add_site_option_auto_update_plugins · src\Installation\AutomaticUpdates.php:150
action · update_site_option_auto_update_plugins · src\Installation\AutomaticUpdates.php:151
action · delete_site_option_auto_update_plugins · src\Installation\AutomaticUpdates.php:152
action · wp_enqueue_scripts · src\Integration\ContactForm7.php:50
filter · gtmkit_header_script_data · src\Integration\EasyDigitalDownloads.php:67
filter · gtmkit_header_script_data · src\Integration\EasyDigitalDownloads.php:68
filter · gtmkit_datalayer_content · src\Integration\EasyDigitalDownloads.php:69
action · wp_enqueue_scripts · src\Integration\EasyDigitalDownloads.php:70
action · edd_purchase_link_end · src\Integration\EasyDigitalDownloads.php:71
filter · gtmkit_header_script_settings · src\Integration\WooCommerce.php:86
filter · gtmkit_header_script_data · src\Integration\WooCommerce.php:87
filter · gtmkit_datalayer_content · src\Integration\WooCommerce.php:88
action · wp_enqueue_scripts · src\Integration\WooCommerce.php:89
action · woocommerce_after_add_to_cart_button · src\Integration\WooCommerce.php:92
filter · woocommerce_grouped_product_list_column_label · src\Integration\WooCommerce.php:99
filter · woocommerce_blocks_product_grid_item_html · src\Integration\WooCommerce.php:108
action · woocommerce_after_shop_loop_item · src\Integration\WooCommerce.php:117
filter · woocommerce_cart_item_remove_link · src\Integration\WooCommerce.php:118
filter · woocommerce_product_loop_start · src\Integration\WooCommerce.php:121
filter · woocommerce_related_products_columns · src\Integration\WooCommerce.php:122
filter · woocommerce_cross_sells_columns · src\Integration\WooCommerce.php:123
filter · woocommerce_upsells_columns · src\Integration\WooCommerce.php:124
action · woocommerce_shortcode_before_best_selling_products_loop · src\Integration\WooCommerce.php:125
filter · safe_style_css · src\Integration\WooCommerce.php:132
filter · woocommerce_is_order_received_page · src\Integration\WooCommerce.php:142
action · woocommerce_shortcode_before_featured_products_loop · src\Integration\WooCommerce.php:145
action · woocommerce_shortcode_before_recent_products_loop · src\Integration\WooCommerce.php:152
action · woocommerce_shortcode_before_related_products_loop · src\Integration\WooCommerce.php:159
action · woocommerce_shortcode_before_sale_products_loop · src\Integration\WooCommerce.php:166
action · woocommerce_shortcode_before_top_rated_products_loop · src\Integration\WooCommerce.php:173
action · woocommerce_shortcode_before_product_category_loop · src\Integration\WooCommerce.php:180
action · woocommerce_blocks_loaded · src\Integration\WooCommerce.php:188
Maintenance & Trust

GTM Kit – Google Tag Manager & GA4 integration Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 17, 2026
PHP min version: 7.4
Downloads: 529K

Community Trust

Rating: 96/100
Number of ratings: 19
Active installs: 30K
Developer Profile

GTM Kit – Google Tag Manager & GA4 integration Developer Profile

TLA Media

3 plugins · 30K total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 11 days
Detection Fingerprints

How We Detect GTM Kit – Google Tag Manager & GA4 integration

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/gtm-kit/assets/admin/wizard.css
/wp-content/plugins/gtm-kit/assets/admin/wizard.js
/wp-content/plugins/gtm-kit/assets/admin/gtmkit-settings-script.css
/wp-content/plugins/gtm-kit/assets/admin/gtmkit-settings-script.js
Script Paths
/wp-content/plugins/gtm-kit/assets/admin/wizard.js
/wp-content/plugins/gtm-kit/assets/admin/gtmkit-settings-script.js
Version Parameters
gtm-kit/assets/admin/wizard.css?ver=
gtm-kit/assets/admin/wizard.js?ver=
gtm-kit/assets/admin/gtmkit-settings-script.css?ver=
gtm-kit/assets/admin/gtmkit-settings-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
gtmkit-text-color-grey
gtmkit-text-sm
Data Attributes
data-gtmkit-nonce
JS Globals
gtmkitSettings
REST Endpoints
/wp-json/gtmkit/v1/settings
FAQ

Frequently Asked Questions about GTM Kit – Google Tag Manager & GA4 integration