Vulnerabilities and security researches forpixelyoursite pixelyoursite

Jun 07, 2024

CVE, Research URL: CVE-2023-22700
Home page URL: Security reports for PixelYourSite – Your smart PIXEL (TAG) Manager
Application: PixelYourSite – Your smart PIXEL (TAG) Manager
Date: Mar 13, 2023
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in PixelYourSite PixelYourSite – Your smart PIXEL (TAG) Manager plugin <= 9.3.0 versions.
Affected versions: max 9.3.1.
Status: vulnerable

CVE, Research URL: CVE-2023-2584
Home page URL: Security reports for PixelYourSite – Your smart PIXEL (TAG) Manager
Application: PixelYourSite – Your smart PIXEL (TAG) Manager
Date: Jun 09, 2023
Research Description: The PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 9.3.6 (9.6.1 in the Pro version) due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions: max 9.3.7.
Status: vulnerable

CVE, Research URL: CVE-2018-0578
Home page URL: Security reports for PixelYourSite – Your smart PIXEL (TAG) Manager
Application: PixelYourSite – Your smart PIXEL (TAG) Manager
Date: May 14, 2018
Research Description: Cross-site scripting vulnerability in PixelYourSite plugin prior to version 5.3.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Affected versions: max 5.3.0.
Status: vulnerable

Jul 02, 2024

CVE, Research URL: CVE-2024-37447
Home page URL: Security reports for PixelYourSite – Your smart PIXEL (TAG) Manager
Application: PixelYourSite – Your smart PIXEL (TAG) Manager
Date: Jul 22, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PixelYourSite PixelYourSite – Your smart PIXEL (TAG) Manager allows Stored XSS.This issue affects PixelYourSite – Your smart PIXEL (TAG) Manager: from n/a through 9.6.1.1.
Affected versions: max 9.6.2.
Status: vulnerable

Sep 05, 2024

CVE, Research URL: CVE-2024-7870
Home page URL: Security reports for PixelYourSite – Your smart PIXEL (TAG) Manager
Application: PixelYourSite – Your smart PIXEL (TAG) Manager
Date: Sep 04, 2024
Research Description: The PixelYourSite – Your smart PIXEL (TAG) & API Manager and the PixelYourSite PRO plugins for WordPress are vulnerable to Sensitive Information Exposure in all versions up to, and including, 9.7.1 and 10.4.2, respectively, through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files, and to delete log files.
Affected versions: max 9.7.2.
Status: vulnerable

Jan 09, 2025

CVE, Research URL: CVE-2025-22300
Home page URL: Security reports for PixelYourSite – Your smart PIXEL (TAG) Manager
Application: PixelYourSite – Your smart PIXEL (TAG) Manager
Date: Jan 07, 2025
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in PixelYourSite PixelYourSite – Your smart PIXEL (TAG) Manager allows Cross Site Request Forgery.This issue affects PixelYourSite – Your smart PIXEL (TAG) Manager: from n/a through 10.0.1.2.
Affected versions: max 10.0.2.
Status: vulnerable

Mar 04, 2025

CVE, Research URL: CVE-2025-0769
Home page URL: Security reports for PixelYourSite – Your smart PIXEL (TAG) Manager
Application: PixelYourSite – Your smart PIXEL (TAG) Manager
Date: Mar 01, 2025
Research Description: PixelYourSite - Your smart PIXEL (TAG) and API Manager 10.1.1.1 was found to be vulnerable. Unvalidated user input is used directly in an unserialize function in myapp/modules/facebook/facebook-server-a sync-task.php.
Affected versions: max 10.1.1.2.
Status: vulnerable

Dec 10, 2025

CVE, Research URL: CVE-2025-10588
Home page URL: Security reports for PixelYourSite – Your smart PIXEL (TAG) Manager
Application: PixelYourSite – Your smart PIXEL (TAG) Manager
Date: Oct 22, 2025
Research Description: The PixelYourSite – Your smart PIXEL (TAG) & API Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 11.1.2. This is due to missing or incorrect nonce validation on the adminEnableGdprAjax() function. This makes it possible for unauthenticated attackers to modify GDPR settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: max 11.1.3.
Status: vulnerable

CVE, Research URL: CVE-2025-10723
Home page URL: Security reports for PixelYourSite – Your smart PIXEL (TAG) Manager
Application: PixelYourSite – Your smart PIXEL (TAG) Manager
Date: Oct 24, 2025
Research Description: The PixelYourSite WordPress plugin before 11.1.2 does not validate some URL parameters before using them to generate paths passed to function/s, allowing any admins to perform LFI attacks
Affected versions: max 11.1.2.
Status: vulnerable