PT-2026-8037 · WordPress · Pixelyoursite
Os
+1
·
Published
2026-02-13
·
Updated
2026-02-14
·
CVE-2026-1841
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
PixelYourSite – Your smart PIXEL (TAG) & API Manager plugin for WordPress versions through 11.2.0
Description
The PixelYourSite – Your smart PIXEL (TAG) & API Manager plugin for WordPress is susceptible to Stored Cross-Site Scripting. Insufficient input sanitization and output escaping in the
pysTrafficSource parameter and the pys landing page parameter allow unauthenticated attackers to inject arbitrary web scripts. These scripts will execute when a user accesses an injected page.Recommendations
Update PixelYourSite – Your smart PIXEL (TAG) & API Manager plugin for WordPress to a version later than 11.2.0.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Pixelyoursite