PixelYourSite Vulnerable to Sensitive Information Exposure
CVE-2024-7870

7.5HIGH

Key Information:

Vendor: Wordpress
Status: Pixelyoursite Pro – Your Smart Pixel (tag) Manager; Pixelyoursite – Your Smart Pixel (tag) & Api Manager
Vendor: CVE Published:; 4 September 2024

Summary

The PixelYourSite and PixelYourSite PRO plugins for WordPress are affected by a vulnerability that exposes sensitive information through log files that are publicly accessible. This risk exists in all versions up to and including 9.7.1 and 10.4.2, respectively. Attackers without authentication can view sensitive data contained within these log files, posing a significant security risk. Additionally, this vulnerability allows for the unauthorized deletion of log files, which can further compromise data integrity. Ensuring that these plugins are updated and properly configured is essential for maintaining the security of WordPress sites utilizing these tools.

Affected Version(s)

PixelYourSite – Your smart PIXEL (TAG) & API Manager * <= 9.7.1

PixelYourSite Pro – Your smart PIXEL (TAG) Manager * <= 10.4.2

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://github.com/WordpressPluginDirectory/pixelyoursite...

https://plugins.trac.wordpress.org/browser/pixelyoursite/...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 4, 2024
Vulnerability Reserved
Aug 15, 2024

Credit

Grant Grubbs