WordPress Plugin Vulnerabilities

PixelYourSite – Your smart PIXEL (TAG) & API Manager <= 9.7.1 and PixelYourSite PRO <= 10.4.2 - Unauthenticated Information Exposure and Log Deletion

Description

The PixelYourSite – Your smart PIXEL (TAG) & API Manager and the PixelYourSite PRO plugins for WordPress are vulnerable to Sensitive Information Exposure in all versions up to, and including, 9.7.1 and 10.4.2, respectively, through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files, and to delete log files.

Affects Plugins

Plugin icon
pixelyoursite-pro
Fixed in 10.4.3
Plugin icon
pixelyoursite
Fixed in 9.7.2

References

CVE
CVE-2024-7870
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/7fd7a515-6389-4152-8dac-d5497dd94f6d

Classification

Type
AUTHBYPASS
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-287
CVSS
6.5 (medium)

Miscellaneous

Original Researcher
Xetnus
Verified
No
WPVDB ID
51d6a838-e402-42af-8229-3e75d91b45e9

Timeline

Publicly Published
2024-09-03 (about 1 year ago)
Added
2024-09-03 (about 1 year ago)
Last Updated
2024-09-04 (about 1 year ago)

Other

Published
Title
Published
2025-08-22
Title
Simpler Checkout 0.7.0 - 1.1.9 - Authentication Bypass
Published
2024-10-25
Title
1-Click Login: Passwordless Authentication 1.4.5 - Authentication Bypass
Published
2024-12-11
Title
OAuth Single Sign On – SSO (OAuth Client) < 6.26.4 - Authentication Bypass
Published
2014-08-01
Title
WordPress 2.0 - 3.0 Remote Authenticated Administrator Add Action Bypass
Published
2024-10-25
Title
User Toolkit < 1.2.4 - Authenticated (Subscriber+) Authentication Bypass