CVE-2025-12545
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-18

Last updated on: 2025-11-18

Assigner: Wordfence

Description
The Pixel Manager for WooCommerce – Track Conversions and Analytics, Google Ads, TikTok and more plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.49.2 via the ajax_pmw_get_product_ids() function due to insufficient restrictions on which products can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft products that they should not have access to.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-18
Last Modified
2025-11-18
Generated
2026-05-07
AI Q&A
2025-11-18
EPSS Evaluated
2026-05-05
NVD
CVE-2025-12545
EUVD
EUVD-2025-197993
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
woocommerce pixel_manager 1.49.2
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Pixel Manager for WooCommerce plugin for WordPress, versions up to and including 1.49.2. It is caused by insufficient restrictions in the ajax_pmw_get_product_ids() function, allowing unauthenticated attackers to access data from products that are password protected, private, or in draft status, which they should not be able to see.


How can this vulnerability impact me? :

The vulnerability can lead to unauthorized exposure of sensitive product information that is meant to be restricted. Attackers can extract data from protected or private products without authentication, potentially leading to information leakage and privacy concerns.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart