5.3

CVE-2025-14280

EPSS 0.05%
Veröffentlicht 29.12.2025 18:20:49
Zuletzt bearbeitet 31.12.2025 20:43:25
Quelle security@wordfence.com
CVE-Watchlists
Login
Unerledigt
Login

PixelYourSite <= 11.1.5 - Sensitive Information Exposure via Log File

The PixelYourSite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.1.5 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files, when the "Meta API logs" setting is enabled (disabled by default). The vulnerability was partially patched in version 11.1.5 and fully patched in version 11.1.5.1.

Mögliche Gegenmaßnahme

PixelYourSite – Your smart PIXEL (TAG) & API Manager: Update to version 11.1.5.1, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt PixelYourSite – Your smart PIXEL (TAG) & API Manager

Version *-11.1.5

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Herstellerpixelyoursite

≫

Produkt PixelYourSite – Your smart PIXEL (TAG) & API Manager

Default Statusunaffected

Version <= 11.1.5

Version *

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.17

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@wordfence.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://www.wordfence.com/threat-intel/vulnerabilities/id/0fe77926-8a43-42ce-9d3d-3aac2334dcbd?source=cve

https://plugins.trac.wordpress.org/browser/pixelyoursite/tags/11.1.4.2/includes/logger/class-pys-logger.php#L118

https://plugins.trac.wordpress.org/changeset/3424175/pixelyoursite

https://plugins.trac.wordpress.org/changeset/3416113/pixelyoursite

https://www.wordfence.com/threat-intel/vulnerabilities/id/0fe77926-8a43-42ce-9d3d-3aac2334dcbd

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-14280

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-14280

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-14280

EUVD