cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches for official-facebook-pixel

Jun 07, 2024

Meta pixel for WordPress # CVE-2021-24217

CVE, Research URL

CVE-2021-24217

Date
Apr 12, 2021
Research Description
The run_action function of the Facebook for WordPress plugin before 3.0.0 deserializes user-supplied data, making it possible to supply PHP objects and creating an Object Injection vulnerability. The plugin also contained a usable magic method that could be used to achieve remote code execution.
Affected versions
Min -, max -.
Status
vulnerable

Meta pixel for WordPress # CVE-2021-24218

CVE, Research URL

CVE-2021-24218

Date
Apr 12, 2021
Research Description
The wp_ajax_save_fbe_settings and wp_ajax_delete_fbe_settings AJAX actions of the Facebook for WordPress plugin before 3.0.4 were vulnerable to CSRF due to a lack of nonce protection. The settings in the saveFbeSettings function had no sanitization, allowing script tags to be saved.
Affected versions
Min -, max -.
Status
vulnerable

Sep 05, 2025

Meta pixel for WordPress # PSC-2025-64593

PSC, Research URL

PSC-2025-64593

Date
Sep 05, 2025
Research Description
Meta Pixel for WordPress is a lightweight and powerful plugin that allows website owners to easily integrate the Meta Pixel (formerly Facebook Pixel) into their WordPress site. With this plugin, site administrators can track critical events such as Lead, ViewContent, AddToCart, InitiateCheckout, and Purchase, while also leveraging the Conversions API for more reliable data collection. By combining the Pixel with the Conversions API, businesses can establish a direct, server-to-server connection with Meta systems, ensuring accurate tracking, optimized ad delivery, and reduced costs per action. This integration improves campaign performance, enables precise retargeting, and provides deeper insights into user interactions across Facebook and Instagram ads.
Affected versions
Min -, max -.
Status
SAFE & CERTIFIED