Description
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in alekv Pixel Manager for WooCommerce woocommerce-google-adwords-conversion-tracking-tag allows Retrieve Embedded Sensitive Data. This issue affects Pixel Manager for WooCommerce: from n/a through <= 1.51.1.
Published: 2025-12-09
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The plugin contains an error that permits unauthorized parties to retrieve sensitive system information embedded within the plugin. The flaw allows an attacker to read data that should be restricted to authorized users. According to CWE‑497, the vulnerability stems from improper handling of sensitive data, leading to disclosure.

Affected Systems

The vulnerability is present in the alekv Pixel Manager for WooCommerce WordPress plugin for all releases up to and including version 1.51.1. No later versions are listed as affected, so upgrades beyond 1.51.1 should resolve the issue.

Risk and Exploitability

With the provided CVSS score of 5.3, the vulnerability is rated Medium. The EPSS score of less than 1% indicates a very low probability of exploitation, and the issue is not currently listed in the CISA KEV catalog. The attack likely requires remote access to the WordPress installation or exploitation of a publicly exposed endpoint within the plugin, allowing the attacker to read the embedded data. The CVSS vector recorded in the history (AV:N, AC:L, PR:N, UI:N, with C:L, I:N, A:N) describes a network attack that needs no privileges or user interaction and has limited confidentiality impact only.

Generated by OpenCVE AI on April 29, 2026 at 13:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Pixel Manager for WooCommerce plugin to a version newer than 1.51.1, ensuring the vulnerability is patched.
  • If an immediate update is not possible, disable or remove the plugin from the WordPress installation.
  • Restrict access to the WordPress admin area by implementing a strong password policy and two‑factor authentication to reduce the risk of unauthorized access.
  • Review the plugin’s configuration and remove any hard‑coded sensitive data, ensuring no confidential information is embedded in its files.



Advisories

No advisories yet.

History

Tue, 20 Jan 2026 15:30:00 +0000


Tue, 20 Jan 2026 14:45:00 +0000


Wed, 10 Dec 2025 18:00:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Alekv; Alekv pixel Manager For Woocommerce; Wordpress; Wordpress wordpress

Type: Vendors & Products
Values Removed: (none)
Values Added: Alekv; Alekv pixel Manager For Woocommerce; Wordpress; Wordpress wordpress

Tue, 09 Dec 2025 20:15:00 +0000

Type: Metrics
Values Removed: (none)
Values Added:
cvssV3_1: {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}
ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 09 Dec 2025 14:30:00 +0000

Type: Description
Values Removed: (none)
Values Added: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in alekv Pixel Manager for WooCommerce woocommerce-google-adwords-conversion-tracking-tag allows Retrieve Embedded Sensitive Data. This issue affects Pixel Manager for WooCommerce: from n/a through <= 1.51.1.

Type: Title
Values Removed: (none)
Values Added: WordPress Pixel Manager for WooCommerce plugin <= 1.51.1 - Sensitive Data Exposure vulnerability

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-497
References

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T19:22:54.580Z

Reserved: 2025-12-09T12:21:23.943Z

Link: CVE-2025-67564

Vulnrichment

Updated: 2025-12-09T20:09:14.804Z

NVD

Status: Deferred

Published: 2025-12-09T16:18:32.960

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-67564

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-29T13:45:12Z

Weaknesses