Cross-Site Request Forgery Vulnerability in PixelYourSite by PixelYourSite
CVE-2025-22300

5.4MEDIUM

Key Information:

Vendor
WordPress
Status
Pixelyoursite – Your Smart Pixel (tag) Manager
Vendor
CVE Published:
7 January 2025

Summary

A Cross-Site Request Forgery (CSRF) vulnerability exists in PixelYourSite – Your smart PIXEL (TAG) Manager, allowing an attacker to send unauthorized requests on behalf of users. This vulnerability affects versions from unspecified to 10.0.1.2, potentially compromising user data and actions without their consent.

Affected Version(s)

PixelYourSite – Your smart PIXEL (TAG) Manager <= 10.0.1.2

References

https://patchstack.com/database/wordpress/plugin/pixelyou...
vdb-entry

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Dhabaleshwar Das (Patchstack Alliance)
.