CVE-2023-46352

Name of the Vulnerable Software and Affected Versions Pixel Plus: Events + CAPI + Pixel Catalog for Facebook Module version 2.4.9

Description The issue is related to a lack of permissions control in the module, allowing a guest to download personal information without restriction. This can lead to a leak of personal information from the ps customer table, including name, surname, and email.

Recommendations For version 2.4.9, consider disabling the export functionality in the module until a patch is available to prevent unauthorized access to personal information. Restrict access to the module's exports to minimize the risk of exploitation. Avoid using the module's export feature until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.