PT-2025-43023 · Pixelyoursite · Pixelyoursite – Your Smart Pixel (Tag) & Api Manager

Dmitry Ignatyev

Published

2025-10-22

Updated

2025-12-18

CVE-2025-10588

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions PixelYourSite – Your smart PIXEL (TAG) & API Manager plugin for WordPress versions up to and including 11.1.2

Description The software is susceptible to Cross-Site Request Forgery (CSRF). This is caused by a lack of, or incorrect, nonce validation within the adminEnableGdprAjax() function. An unauthenticated attacker could potentially modify GDPR settings by forging a request, provided they can trick a site administrator into performing an action, such as clicking a link.

Recommendations Update PixelYourSite – Your smart PIXEL (TAG) & API Manager plugin for WordPress to a version later than 11.1.2.

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2025-10588

Affected Products

Pixelyoursite – Your Smart Pixel (Tag) & Api Manager

CVE-2025-10588

Weakness Enumeration

Related Identifiers

Affected Products

References · 5