Skip to main content

Taboola Pixel

1 CVEs product

Monthly

CVE-2026-32545 HIGH This Week

Taboola Pixel versions up to and including 1.1.4 contain a Reflected Cross-Site Scripting (XSS) vulnerability that allows attackers to inject malicious scripts into web pages during generation. An attacker can craft a malicious URL containing JavaScript payload and trick users into clicking it, causing the injected code to execute in the victim's browser with their session privileges. This vulnerability affects the Taboola Pixel WordPress plugin and has been identified by Patchstack; no CVSS score or EPSS data is currently available, but the reflected XSS classification and WordPress plugin distribution suggest moderate to high real-world risk given the plugin's widespread usage.

XSS Taboola Pixel
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
EPSS 0% CVSS 7.1
HIGH This Week

Taboola Pixel versions up to and including 1.1.4 contain a Reflected Cross-Site Scripting (XSS) vulnerability that allows attackers to inject malicious scripts into web pages during generation. An attacker can craft a malicious URL containing JavaScript payload and trick users into clicking it, causing the injected code to execute in the victim's browser with their session privileges. This vulnerability affects the Taboola Pixel WordPress plugin and has been identified by Patchstack; no CVSS score or EPSS data is currently available, but the reflected XSS classification and WordPress plugin distribution suggest moderate to high real-world risk given the plugin's widespread usage.

XSS Taboola Pixel
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy