GCVE - cpe:2.3:a:fatcatapps:pixel_cat:*:*:*:*:*:wordpress:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:fatcatapps:pixel_cat:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor	Fatcatapps (`b9ce87b5-9204-5b91-a1a1-14e099476202`)
Product	Pixel Cat (`2a00f290-fbdc-5c1b-9798-2e44facdc877`)
Edition	*
Language	*
Software edition	*
Target software	wordpress
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-8544`	vulnerable	2026-06-03 14:58:18.708100	Pixel Cat – Conversion Pixel Manager <= 3.0.5 - Reflected Cross-Site Scripting MEDIUM (6.1) The Pixel Cat – Conversion Pixel Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.0.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. Published: 2024-09-24T01:56:48.603Z Updated: 2026-04-08T17:34:43.088Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/fc4f4a78-7224-4f58-a103-7ad4df0eb36e?source=cve https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3151635%40facebook-conversion-pixel&new=3151635%40facebook-conversion-pixel&sfp_email=&sfph_mail= https://plugins.trac.wordpress.org/browser/facebook-conversion-pixel/trunk/includes/notices/notices.php?rev=2918763#L81	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-24972`	vulnerable	2026-06-03 14:44:04.123746	Pixel Cat Lite < 2.6.3 - Admin+ Stored Cross-Site Scripting The Pixel Cat WordPress plugin before 2.6.3 does not escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed Published: 2021-12-13T10:41:32.000Z Updated: 2024-08-03T19:49:14.378Z Open on db.gcve.eu Reference links https://wpscan.com/vulnerability/b960cb36-62de-4b9f-a35d-144a34a4c63d	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-24922`	vulnerable	2026-06-03 14:44:04.005013	Pixel Cat Lite < 2.6.2 - CSRF to Stored Cross-Site Scripting The Pixel Cat WordPress plugin before 2.6.2 does not have CSRF check when saving its settings, and did not sanitise as well as escape some of them, which could allow attacker to make a logged in admin change them and perform Cross-Site Scripting attacks Published: 2021-12-13T10:41:19.000Z Updated: 2024-08-03T19:49:13.810Z Open on db.gcve.eu Reference links https://wpscan.com/vulnerability/399ffd65-f3c0-4fbe-a83a-2a620976aad2	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.