Vulnerabilities and security researches forwoocommerce-google-adwords-conversion-tracking-tag woocommerce-google-adwords-conversion-tracking-tag

Jun 07, 2024

CVE, Research URL: 9fa7dc35fb8e392a2c241e7876910f3ee8f16694
Home page URL: Security reports for Pixel Manager for WooCommerce – Track Google Analytics, Google Ads, TikTok and more
Application: Pixel Manager for WooCommerce – Track Google Analytics, Google Ads, TikTok and more
Date: Feb 28, 2022
Research Description: Pixel Manager for WooCommerce – Track Google Analytics, Google Ads, TikTok and more [woocommerce-google-adwords-conversion-tracking-tag] < 1.14.3 WordPress WooCommerce Pixel Manager plugin < 1.14.3 - Sensitive Information Disclosure vulnerability Sensitive Information Disclosure vulnerability discovered in WordPress WooCommerce Pixel Manager plugin (versions < 1.14.3).
Affected versions: max 1.14.3.
Status: vulnerable

Nov 15, 2024

CVE, Research URL: CVE-2022-4974
Home page URL: Security reports for Pixel Manager for WooCommerce – Track Google Analytics, Google Ads, TikTok and more
Application: Pixel Manager for WooCommerce – Track Google Analytics, Google Ads, TikTok and more
Date: Oct 16, 2024
Research Description: The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
Affected versions: max 1.14.3.
Status: vulnerable

Jul 03, 2025

CVE, Research URL: CVE-2025-6201
Home page URL: Security reports for Pixel Manager for WooCommerce – Track Google Analytics, Google Ads, TikTok and more
Application: Pixel Manager for WooCommerce – Track Google Analytics, Google Ads, TikTok and more
Date: Jun 19, 2025
Research Description: The Pixel Manager for WooCommerce – Track Conversions and Analytics, Google Ads, TikTok and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's conversion-pixel in all versions up to, and including, 1.49.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 1.49.1.
Status: vulnerable

Jan 09, 2026

CVE, Research URL: CVE-2025-67564
Home page URL: Security reports for Pixel Manager for WooCommerce – Track Google Analytics, Google Ads, TikTok and more
Application: Pixel Manager for WooCommerce – Track Google Analytics, Google Ads, TikTok and more
Date: Dec 09, 2025
Research Description: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in alekv Pixel Manager for WooCommerce woocommerce-google-adwords-conversion-tracking-tag allows Retrieve Embedded Sensitive Data.This issue affects Pixel Manager for WooCommerce: from n/a through <= 1.51.1.
Affected versions: max 1.51.1.
Status: vulnerable

CVE, Research URL: CVE-2025-12545
Home page URL: Security reports for Pixel Manager for WooCommerce – Track Google Analytics, Google Ads, TikTok and more
Application: Pixel Manager for WooCommerce – Track Google Analytics, Google Ads, TikTok and more
Date: Nov 18, 2025
Research Description: The Pixel Manager for WooCommerce – Track Conversions and Analytics, Google Ads, TikTok and more plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.49.2 via the ajax_pmw_get_product_ids() function due to insufficient restrictions on which products can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft products that they should not have access to.
Affected versions: max 1.49.3.
Status: vulnerable