WordPress Plugin Vulnerabilities

PixelYourSite – Your smart PIXEL (TAG) & API Manager <= 9.7.1 and PixelYourSite PRO <= 10.4.2 - Unauthenticated Information Exposure and Log Deletion

Description

The PixelYourSite – Your smart PIXEL (TAG) & API Manager and the PixelYourSite PRO plugins for WordPress are vulnerable to Sensitive Information Exposure in all versions up to, and including, 9.7.1 and 10.4.2, respectively, through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files, and to delete log files.

Affects Plugins

Plugin icon
pixelyoursite-pro
Fixed in 10.4.3
Plugin icon
pixelyoursite
Fixed in 9.7.2

References

CVE
CVE-2024-7870
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/7fd7a515-6389-4152-8dac-d5497dd94f6d

Classification

Type
AUTHBYPASS
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-287
CVSS
6.5 (medium)

Miscellaneous

Original Researcher
Xetnus
Verified
No
WPVDB ID
51d6a838-e402-42af-8229-3e75d91b45e9

Timeline

Publicly Published
2024-09-03 (about 1 year ago)
Added
2024-09-03 (about 1 year ago)
Last Updated
2024-09-04 (about 1 year ago)

Other

Published
Title
Published
2025-11-18
Title
YITH WooCommerce Wishlist < 4.10.1 - Wishlist Item Deletion via Wishlist Token Disclosure
Published
2025-04-24
Title
JobSearch WP Job Board <= 2.9.2 - Authentication Bypass via Social Logins
Published
2025-01-06
Title
PayU CommercePro Plugin < 3.8.4 - Unauthenticated Privilege Escalation
Published
2025-12-26
Title
Mobile builder <= 1.4.2 - Authentication Bypass
Published
2022-09-05
Title
OAuth client Single Sign On for WordPress < 3.0.4 - Unauthenticated Settings Update to Authentication Bypass