vulnerability
WordPress Plugin: woocommerce-google-adwords-conversion-tracking-tag: CVE-2025-12545: Exposure of Sensitive Information to an Unauthorized Actor
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | Nov 18, 2025 | Nov 18, 2025 | Nov 19, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
Nov 18, 2025
Added
Nov 18, 2025
Modified
Nov 19, 2025
Description
The Pixel Manager for WooCommerce – Track Conversions and Analytics, Google Ads, TikTok and more plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.49.2 via the ajax_pmw_get_product_ids() function due to insufficient restrictions on which products can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft products that they should not have access to.
Solution
woocommerce-google-adwords-conversion-tracking-tag-plugin-cve-2025-12545
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.