cleantalk
Vulnerabilities and Security Researches

Pixel Manager for WooCommerce – Track Google Analytics, Google Ads, TikTok and more, CVE-2025-6201

CVE, Research URL

CVE-2025-6201

Home page URL

Security reports for Pixel Manager for WooCommerce – Track Google Analytics, Google Ads, TikTok and more

Application

Pixel Manager for WooCommerce – Track Google Analytics, Google Ads, TikTok and more

Published on
Jun 19, 2025
Research Description
The Pixel Manager for WooCommerce – Track Conversions and Analytics, Google Ads, TikTok and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's conversion-pixel in all versions up to, and including, 1.49.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 1.49.1.
Status
vulnerable
Previous vulnerability researches
Pixel Manager for WooCommerce – Track Google Analytics, Google Ads, TikTok and more (9fa7dc35fb8e392a2c241e7876910f3ee8f16694) , Jun 07, 2024
Pixel Manager for WooCommerce – Track Google Analytics, Google Ads, TikTok and more (CVE-2025-6201) , Jul 03, 2025
Pixel Manager for WooCommerce – Track Google Analytics, Google Ads, TikTok and more (CVE-2022-4974) , Nov 15, 2024
New vulnerability
IS-theme-companion (CVE-2025-53277) , Jul 04, 2025
Lead Form Data Collection to CRM (CVE-2025-5692) , Jul 04, 2025
Drive Folder Embedder (CVE-2025-6546) , Jul 04, 2025
WP Roadmap – Product Feedback Board (CVE-2025-52822) , Jul 04, 2025
WP Wall (CVE-2025-28968) , Jul 04, 2025