Lucene search
K

20 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:22 p.m.8 views

CVE-2026-7613

The Cost of Goods by PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csvdata0costofgoodsvalue' parameter in versions up to, and including, 1.2.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacke...

7.2CVSS5.7AI score0.00255EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/20 4:27 p.m.10 views

EUVD-2026-31126

The Cost of Goods by PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csvdata0costofgoodsvalue' parameter in versions up to, and including, 1.2.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacke...

7.2CVSS6AI score0.00255EPSS
Exploits0References2
CVE
CVE
added 2026/05/20 4:27 p.m.21 views

CVE-2026-7613

CVE-2026-7613 affects the Cost of Goods by PixelYourSite plugin for WordPress. It allows unauthenticated Stored XSS via csvdata[0][cost_of_goods_value] in versions up to 1.2.12 due to insufficient input sanitization and output escaping, enabling arbitrary scripts to run on pages loaded by users. ...

7.2CVSS6AI score0.00255EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/02 5:29 a.m.8 views

EUVD-2026-26749

The PixelYourSite Pro – Your smart PIXEL TAG Manager plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 12.5.0.1 via the scanvideo. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating fro...

7.2CVSS5.9AI score0.00577EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2026/05/02 5:29 a.m.7 views

CVE-2026-7049 PixelYourSite Pro <= 12.5.0.1 - Unauthenticated Blind Server-Side Request Forgery via 'urls[]' Parameter

The PixelYourSite Pro – Your smart PIXEL TAG Manager plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 12.5.0.1 via the scanvideo. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating fro...

7.2CVSS5.9AI score0.00577EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2026/02/20 3:47 p.m.2 views

CVE-2026-27072 WordPress PixelYourSite – Your smart PIXEL (TAG) Manager plugin <= 11.2.0.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PixelYourSite PixelYourSite – Your smart PIXEL TAG Manager pixelyoursite allows Stored XSS.This issue affects PixelYourSite – Your smart PIXEL TAG Manager: from n/a through = 11.2.0.1...

7.1CVSS5.3AI score0.00146EPSS
Exploits0References1
CVE
CVE
added 2026/02/20 3:47 p.m.18 views

CVE-2026-27072

CVE-2026-27072 affects the WordPress plugin PixelYourSite – Your smart PIXEL (TAG) Manager. The issue is a Stored Cross-Site Scripting (XSS) vulnerability caused by improper input neutralization in web page generation, exploitable via the pysTrafficSource and pys_landing_page parameters. Affected...

7.1CVSS5.5AI score0.00146EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/02/17 1:49 p.m.8 views

WordPress PixelYourSite – Your smart PIXEL (TAG) Manager plugin <= 11.2.0.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin PixelYourSite – Your smart PIXEL TAG Manager versions = 11.2.0.1...

7.1CVSS5.4AI score0.00146EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/15 1:19 a.m.11 views

CVE-2026-1841

The PixelYourSite – Your smart PIXEL TAG & API Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pysTrafficSource' parameter and the 'pyslandingpage' parameter in all versions up to, and including, 11.2.0 due to insufficient input sanitization and output escaping...

7.2CVSS6.1AI score0.00302EPSS
Exploits0References1
NVD
NVD
added 2026/02/13 10:16 p.m.13 views

CVE-2026-1844

The PixelYourSite PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pysTrafficSource' parameter and the 'pyslandingpage' parameter in all versions up to, and including, 12.4.0.2 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS0.00283EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/02/13 9:23 p.m.32 views

CVE-2026-1841 PixelYourSite <= 11.2.0 - Unauthenticated Stored Cross-Site Scripting

The PixelYourSite – Your smart PIXEL TAG & API Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pysTrafficSource' parameter and the 'pyslandingpage' parameter in all versions up to, and including, 11.2.0 due to insufficient input sanitization and output escaping...

7.2CVSS0.00302EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/12/30 7:7 p.m.5 views

CVE-2025-14280

The PixelYourSite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.1.5 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files...

5.3CVSS5.8AI score0.0038EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/29 6:20 p.m.25 views

CVE-2025-14280 PixelYourSite <= 11.1.5 - Sensitive Information Exposure via Log File

The PixelYourSite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.1.5 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files...

5.3CVSS0.0038EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/10/24 6:0 a.m.8 views

CVE-2025-10723 PixelYourSite < 11.1.2 - Admin+ LFI

The PixelYourSite WordPress plugin before 11.1.2 does not validate some URL parameters before using them to generate paths passed to function/s, allowing any admins to perform LFI attacks...

0.00279EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/23 6:59 a.m.5 views

CVE-2025-10588

The PixelYourSite – Your smart PIXEL TAG & API Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 11.1.2. This is due to missing or incorrect nonce validation on the adminEnableGdprAjax function. This makes it possible for unauthenticate...

4.3CVSS5.2AI score0.00147EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:1 a.m.6 views

CVE-2023-1805

The Product Catalog Feed by PixelYourSite WordPress plugin before 2.1.1 does not sanitise and escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS6.1AI score0.00458EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2025/01/07 12:0 a.m.3 views

PT-2025-4415 · Unknown · Pixelyoursite

Name of the Vulnerable Software and Affected Versions: PixelYourSite – Your smart PIXEL TAG Manager versions through 10.0.1.2 Description: A Cross-Site Request Forgery CSRF issue affects PixelYourSite, allowing unauthorized requests. This can lead to various security problems, as it enables...

5.4CVSS7.1AI score0.00169EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/09/04 12:0 a.m.4 views

PT-2024-38647 · WordPress · Pixelyoursite Pro +1

Name of the Vulnerable Software and Affected Versions: PixelYourSite – Your smart PIXEL TAG & API Manager versions up to and including 9.7.1 PixelYourSite PRO versions up to and including 10.4.2 Description: The vulnerability allows unauthenticated attackers to view potentially sensitive...

7.5CVSS6.9AI score0.0045EPSS
Exploits0References11
OSV
OSV
added 2023/06/09 6:16 a.m.3 views

CVE-2023-2584

The PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 9.3.6 9.6.1 in the Pro version due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.8CVSS6.7AI score0.00516EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/06/09 12:0 a.m.4 views

WordPress Plugin PixelYourSite 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

4.8CVSS6.5AI score0.00516EPSS
Exploits0References4
Rows per page
Query Builder