20 matches found
CVE-2026-7613
The Cost of Goods by PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csvdata0costofgoodsvalue' parameter in versions up to, and including, 1.2.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacke...
CVE-2026-7613
CVE-2026-7613 affects the Cost of Goods by PixelYourSite plugin for WordPress. It allows unauthenticated Stored XSS via csvdata[0][cost_of_goods_value] in versions up to 1.2.12 due to insufficient input sanitization and output escaping, enabling arbitrary scripts to run on pages loaded by users. ...
EUVD-2026-31126
The Cost of Goods by PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csvdata0costofgoodsvalue' parameter in versions up to, and including, 1.2.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacke...
EUVD-2026-26749
The PixelYourSite Pro – Your smart PIXEL TAG Manager plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 12.5.0.1 via the scanvideo. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating fro...
CVE-2026-7049 PixelYourSite Pro <= 12.5.0.1 - Unauthenticated Blind Server-Side Request Forgery via 'urls[]' Parameter
The PixelYourSite Pro – Your smart PIXEL TAG Manager plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 12.5.0.1 via the scanvideo. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating fro...
CVE-2026-27072 WordPress PixelYourSite – Your smart PIXEL (TAG) Manager plugin <= 11.2.0.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PixelYourSite PixelYourSite – Your smart PIXEL TAG Manager pixelyoursite allows Stored XSS.This issue affects PixelYourSite – Your smart PIXEL TAG Manager: from n/a through = 11.2.0.1...
CVE-2026-27072
CVE-2026-27072 affects the WordPress plugin PixelYourSite – Your smart PIXEL (TAG) Manager. The issue is a Stored Cross-Site Scripting (XSS) vulnerability caused by improper input neutralization in web page generation, exploitable via the pysTrafficSource and pys_landing_page parameters. Affected...
WordPress PixelYourSite – Your smart PIXEL (TAG) Manager plugin <= 11.2.0.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin PixelYourSite – Your smart PIXEL TAG Manager versions = 11.2.0.1...
CVE-2026-1841
The PixelYourSite – Your smart PIXEL TAG & API Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pysTrafficSource' parameter and the 'pyslandingpage' parameter in all versions up to, and including, 11.2.0 due to insufficient input sanitization and output escaping...
CVE-2026-1844
The PixelYourSite PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pysTrafficSource' parameter and the 'pyslandingpage' parameter in all versions up to, and including, 12.4.0.2 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2026-1841 PixelYourSite <= 11.2.0 - Unauthenticated Stored Cross-Site Scripting
The PixelYourSite – Your smart PIXEL TAG & API Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pysTrafficSource' parameter and the 'pyslandingpage' parameter in all versions up to, and including, 11.2.0 due to insufficient input sanitization and output escaping...
CVE-2025-14280
The PixelYourSite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.1.5 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files...
CVE-2025-14280 PixelYourSite <= 11.1.5 - Sensitive Information Exposure via Log File
The PixelYourSite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.1.5 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files...
CVE-2025-10723 PixelYourSite < 11.1.2 - Admin+ LFI
The PixelYourSite WordPress plugin before 11.1.2 does not validate some URL parameters before using them to generate paths passed to function/s, allowing any admins to perform LFI attacks...
CVE-2025-10588
The PixelYourSite – Your smart PIXEL TAG & API Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 11.1.2. This is due to missing or incorrect nonce validation on the adminEnableGdprAjax function. This makes it possible for unauthenticate...
CVE-2023-1805
The Product Catalog Feed by PixelYourSite WordPress plugin before 2.1.1 does not sanitise and escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
PT-2025-4415 · Unknown · Pixelyoursite
Name of the Vulnerable Software and Affected Versions: PixelYourSite – Your smart PIXEL TAG Manager versions through 10.0.1.2 Description: A Cross-Site Request Forgery CSRF issue affects PixelYourSite, allowing unauthorized requests. This can lead to various security problems, as it enables...
PT-2024-38647 · WordPress · Pixelyoursite Pro +1
Name of the Vulnerable Software and Affected Versions: PixelYourSite – Your smart PIXEL TAG & API Manager versions up to and including 9.7.1 PixelYourSite PRO versions up to and including 10.4.2 Description: The vulnerability allows unauthenticated attackers to view potentially sensitive...
CVE-2023-2584
The PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 9.3.6 9.6.1 in the Pro version due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress Plugin PixelYourSite 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...