Taboola Pixel
Monthly
Taboola Pixel versions up to and including 1.1.4 contain a Reflected Cross-Site Scripting (XSS) vulnerability that allows attackers to inject malicious scripts into web pages during generation. An attacker can craft a malicious URL containing JavaScript payload and trick users into clicking it, causing the injected code to execute in the victim's browser with their session privileges. This vulnerability affects the Taboola Pixel WordPress plugin and has been identified by Patchstack; no CVSS score or EPSS data is currently available, but the reflected XSS classification and WordPress plugin distribution suggest moderate to high real-world risk given the plugin's widespread usage.
Taboola Pixel versions up to and including 1.1.4 contain a Reflected Cross-Site Scripting (XSS) vulnerability that allows attackers to inject malicious scripts into web pages during generation. An attacker can craft a malicious URL containing JavaScript payload and trick users into clicking it, causing the injected code to execute in the victim's browser with their session privileges. This vulnerability affects the Taboola Pixel WordPress plugin and has been identified by Patchstack; no CVSS score or EPSS data is currently available, but the reflected XSS classification and WordPress plugin distribution suggest moderate to high real-world risk given the plugin's widespread usage.