CVE-2025-12545: 
WordPress Schwachstellenanalyse und -minderung

The Pixel Manager for WooCommerce – Track Conversions and Analytics, Google Ads, TikTok and more plugin for WordPress contains an Information Exposure vulnerability (CVE-2025-12545) affecting all versions up to and including 1.49.2. The vulnerability was discovered and reported by Wordfence, with the initial disclosure made on November 18, 2025 (NVD CVE).

The vulnerability exists in the ajaxpmwgetproductids() function due to insufficient restrictions on which products can be included. The severity is rated as MEDIUM with a CVSS v3.1 Base Score of 5.3 (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). The vulnerability is classified as CWE-200: Exposure of Sensitive Information to an Unauthorized Actor (NVD CVE).

This vulnerability allows unauthenticated attackers to extract data from password protected, private, or draft products that they should not have access to. The impact primarily affects the confidentiality of protected product information, while integrity and availability remain unaffected (NVD CVE).