CVE-2026-7049

Name of the Vulnerable Software and Affected Versions PixelYourSite Pro versions prior to 12.5.0.2

Description The PixelYourSite Pro plugin for WordPress is susceptible to Server-Side Request Forgery (SSRF), a flaw where an attacker forces the server to make requests to an unintended location. This allows unauthenticated attackers to initiate web requests to arbitrary locations from the web application, potentially querying or modifying information from internal services. The issue occurs via the scan video function. This is a blind SSRF, meaning the response bodies are parsed internally for YouTube or Vimeo patterns and are not returned to the attacker.

Recommendations Update to a version later than 12.5.0.1. As a temporary workaround, restrict access to the scan video function to minimize the risk of exploitation.