cleantalk
Vulnerabilities and Security Researches

Pixel Manager for WooCommerce – Track Google Analytics, Google Ads, TikTok and more, CVE-2025-6201

CVE, Research URL

CVE-2025-6201

Home page URL

Security reports for Pixel Manager for WooCommerce – Track Google Analytics, Google Ads, TikTok and more

Application

Pixel Manager for WooCommerce – Track Google Analytics, Google Ads, TikTok and more

Published on
Jun 19, 2025
Research Description
The Pixel Manager for WooCommerce – Track Conversions and Analytics, Google Ads, TikTok and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's conversion-pixel in all versions up to, and including, 1.49.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 1.49.1.
Status
vulnerable
Previous vulnerability researches
Flexo Counter (CVE-2025-50052) , Jul 01, 2025
New vulnerability
WPB Product Categories Slider for WooCommerce – Display Categories Slider on Any Page (CVE-2025-53281) , Jul 03, 2025
Tealium (CVE-2025-50018) , Jul 03, 2025
Migration, Backup, Staging – WPvivid (CVE-2025-5961) , Jul 03, 2025
Mollie Payments for WooCommerce (CVE-2025-39362) , Jul 03, 2025
User Roles and Capabilities (CVE-2025-49981) , Jul 03, 2025