Pixelyoursite
by WordPress
CVEs (4)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-0769 | Med | 0.41 | — | 0.00 | Feb 28, 2025 | PixelYourSite - Your smart PIXEL (TAG) and API Manager 10.1.1.1 was found to be vulnerable. Unvalidated user input is used directly in an unserialize function in myapp/modules/facebook/facebook-server-a sync-task.php. | |
| CVE-2025-22300 | Med | 0.35 | 5.4 | 0.00 | Jan 7, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in PixelYourSite PixelYourSite – Your smart PIXEL (TAG) Manager pixelyoursite allows Cross Site Request Forgery.This issue affects PixelYourSite – Your smart PIXEL (TAG) Manager: from n/a through <= 10.0.1.2. | |
| CVE-2025-14280 | Med | 0.34 | 5.3 | 0.00 | Dec 29, 2025 | The PixelYourSite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.1.5 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files, when the "Meta API logs" setting is enabled (disabled by default). The vulnerability was partially patched in version 11.1.5 and fully patched in version 11.1.5.1. | |
| CVE-2025-10723 | Low | 0.18 | 2.7 | 0.00 | Oct 24, 2025 | The PixelYourSite WordPress plugin before 11.1.2 does not validate some URL parameters before using them to generate paths passed to function/s, allowing any admins to perform LFI attacks |
- risk 0.41cvss —epss 0.00
PixelYourSite - Your smart PIXEL (TAG) and API Manager 10.1.1.1 was found to be vulnerable. Unvalidated user input is used directly in an unserialize function in myapp/modules/facebook/facebook-server-a sync-task.php.
- risk 0.35cvss 5.4epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in PixelYourSite PixelYourSite – Your smart PIXEL (TAG) Manager pixelyoursite allows Cross Site Request Forgery.This issue affects PixelYourSite – Your smart PIXEL (TAG) Manager: from n/a through <= 10.0.1.2.
- risk 0.34cvss 5.3epss 0.00
The PixelYourSite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.1.5 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files, when the "Meta API logs" setting is enabled (disabled by default). The vulnerability was partially patched in version 11.1.5 and fully patched in version 11.1.5.1.
- risk 0.18cvss 2.7epss 0.00
The PixelYourSite WordPress plugin before 11.1.2 does not validate some URL parameters before using them to generate paths passed to function/s, allowing any admins to perform LFI attacks