CVE-2026-27072
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Lifecycle Timeline
2Tags
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PixelYourSite PixelYourSite - Your smart PIXEL (TAG) Manager pixelyoursite allows Stored XSS.This issue affects PixelYourSite - Your smart PIXEL (TAG) Manager: from n/a through <= 11.2.0.1.
Analysis
PixelYourSite plugin versions up to 11.2.0.1 contain a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts into web pages without authentication. An attacker can exploit this to execute arbitrary JavaScript in the browsers of site visitors, potentially stealing session data or performing unauthorized actions on behalf of users. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Audit PixelYourSite plugin usage across all WordPress instances and identify all sites running version 11.2.0.1 or earlier. Within 7 days: Implement input validation and output encoding controls at the application layer; deploy WAF rules to detect and block XSS payloads targeting the vulnerable plugin endpoints; consider disabling the plugin if business-critical patches cannot be immediately applied. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today