Unauthorized Injection of Arbitrary Web Scripts Through Reflected Cross-Site Scripting in Pixel Cat Conversion Pixel Manager
CVE-2024-8544
6.1MEDIUM
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 24 September 2024
What is CVE-2024-8544?
The Pixel Cat – Conversion Pixel Manager plugin for WordPress has a vulnerability that allows unauthenticated attackers to exploit reflected cross-site scripting. This vulnerability arises from the use of the add_query_arg function without proper URL escaping, making it possible for attackers to inject malicious web scripts into webpages. If a user is deceived into clicking on a crafted link, the injected script can execute within their browser context, potentially leading to further security breaches and data compromise.
Affected Version(s)
Pixel Cat – Conversion Pixel Manager * <= 3.0.5