Pixelyoursite
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Pixelyoursite.
By the Year
In 2026 there have been 2 vulnerabilities in Pixelyoursite with an average score of 7.2 out of ten. Last year, in 2025 Pixelyoursite had 2 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Pixelyoursite in 2026 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2026 is greater by 4.45.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 2 | 7.15 |
| 2025 | 2 | 2.70 |
| 2024 | 2 | 6.15 |
| 2023 | 2 | 4.35 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 1 | 5.40 |
It may take a day or so for new Pixelyoursite vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Pixelyoursite Security Vulnerabilities
PixelYourSite <=11.2.0.1 PIXEL Manager StoredXSS
CVE-2026-27072
7.1 - High
- February 20, 2026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PixelYourSite PixelYourSite Your smart PIXEL (TAG) Manager pixelyoursite allows Stored XSS.This issue affects PixelYourSite Your smart PIXEL (TAG) Manager: from n/a through <= 11.2.0.1.
XSS
PixelYourSite Plugin 11.2.0 Stored XSS via pysTrafficSource/pys_landing_page
CVE-2026-1841
7.2 - High
- February 13, 2026
The PixelYourSite Your smart PIXEL (TAG) & API Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pysTrafficSource' parameter and the 'pys_landing_page' parameter in all versions up to, and including, 11.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
XSS
PixelYourSite WP Plugin LFI via Unvalidated URL Paths Pre-11.1.2
CVE-2025-10723
2.7 - Low
- October 24, 2025
The PixelYourSite WordPress plugin before 11.1.2 does not validate some URL parameters before using them to generate paths passed to function/s, allowing any admins to perform LFI attacks
Directory traversal
CSRF in PixelYourSite 10.0.1.2 Your Smart PIXEL (TAG) Manager
CVE-2025-22300
- January 07, 2025
Cross-Site Request Forgery (CSRF) vulnerability in PixelYourSite PixelYourSite Your smart PIXEL (TAG) Manager pixelyoursite allows Cross Site Request Forgery.This issue affects PixelYourSite Your smart PIXEL (TAG) Manager: from n/a through <= 10.0.1.2.
Session Riding
Sensitive Info Exposure via Public Log Files in PixelYourSite <=9.7.1 & 10.4.2
CVE-2024-7870
7.5 - High
- September 04, 2024
The PixelYourSite Your smart PIXEL (TAG) & API Manager and the PixelYourSite PRO plugins for WordPress are vulnerable to Sensitive Information Exposure in all versions up to, and including, 9.7.1 and 10.4.2, respectively, through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files, and to delete log files.
authentification
PixelYourSite XSS in Your smart PIXEL (TAG) Manager <9.6.1.1
CVE-2024-37447
4.8 - Medium
- July 21, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PixelYourSite PixelYourSite Your smart PIXEL (TAG) Manager allows Stored XSS.This issue affects PixelYourSite Your smart PIXEL (TAG) Manager: from n/a through 9.6.1.1.
XSS
PixelYourSite 9.3.6 Stored XSS via Admin Settings
CVE-2023-2584
4.4 - Medium
- June 09, 2023
The PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 9.3.6 (9.6.1 in the Pro version) due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
XSS
PixelYourSite CSRF in Tag Manager <=9.3.0
CVE-2023-22700
4.3 - Medium
- March 13, 2023
Cross-Site Request Forgery (CSRF) vulnerability in PixelYourSite PixelYourSite Your smart PIXEL (TAG) Manager plugin <= 9.3.0 versions.
Session Riding
Cross-site scripting vulnerability in PixelYourSite plugin prior to version 5.3.0 for WordPress
CVE-2018-0578
5.4 - Medium
- May 14, 2018
Cross-site scripting vulnerability in PixelYourSite plugin prior to version 5.3.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
XSS
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Pixelyoursite or by Pixelyoursite? Click the Watch button to subscribe.
