CVE-2025-14280
Unknown Unknown - Not Provided
Sensitive Information Exposure in PixelYourSite WordPress Plugin Logs

Publication date: 2025-12-29

Last updated on: 2025-12-29

Assigner: Wordfence

Description
The PixelYourSite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.1.5 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files, when the "Meta API logs" setting is enabled (disabled by default). The vulnerability was partially patched in version 11.1.5 and fully patched in version 11.1.5.1.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-29
Last Modified
2025-12-29
Generated
2026-06-16
AI Q&A
2025-12-29
EPSS Evaluated
2026-06-15
NVD
CVE-2025-14280
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wordpress pixel_yoursite *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The PixelYourSite plugin for WordPress has a vulnerability in versions up to 11.1.5 that allows unauthenticated attackers to access sensitive information through publicly exposed log files if the "Meta API logs" setting is enabled. This setting is disabled by default. The vulnerability was partially fixed in version 11.1.5 and fully fixed in 11.1.5.1.

Impact Analysis

This vulnerability can allow attackers who are not logged in to view sensitive information contained in the exposed log files, potentially leading to information disclosure risks.

Detection Guidance

You can detect this vulnerability by checking if the PixelYourSite plugin version is up to and including 11.1.5 and if the 'Meta API logs' setting is enabled. Additionally, look for publicly exposed log files related to the plugin on your server. Specific commands are not provided in the available information.

Mitigation Strategies

To mitigate this vulnerability, immediately disable the 'Meta API logs' setting if it is enabled, as it is disabled by default. Also, update the PixelYourSite plugin to version 11.1.5.1 or later, where the vulnerability is fully patched.

Compliance Impact

The vulnerability exposes potentially sensitive information through publicly accessible log files, which could include Personally Identifiable Information (PII). This exposure risks non-compliance with standards and regulations such as GDPR and HIPAA that require protection of sensitive data. The plugin updates (versions 11.1.5 and 11.1.5.1) introduced protections like restricting access to log files, creating protection files, and randomizing log file names to mitigate unauthorized access and reduce the risk of sensitive data exposure, thereby improving compliance posture. [3, 4]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-14280. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart