cleantalk
Vulnerabilities and Security Researches

PixelYourSite – Your smart PIXEL (TAG) Manager, CVE-2026-1841

CVE, Research URL

CVE-2026-1841

Home page URL

Security reports for PixelYourSite – Your smart PIXEL (TAG) Manager

Application

PixelYourSite – Your smart PIXEL (TAG) Manager

Published on
Feb 14, 2026
Research Description
The PixelYourSite – Your smart PIXEL (TAG) & API Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pysTrafficSource' parameter and the 'pys_landing_page' parameter in all versions up to, and including, 11.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2026-27072 is likely a duplicate of this issue.
Affected versions
max 11.2.0.1.
Status
vulnerable
Previous vulnerability researches
ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) (CVE-2025-24750) , Jan 26, 2025
ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) (CVE-2026-1993) , Apr 14, 2026
ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) (CVE-2026-1992) , Apr 14, 2026
ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) (CVE-2023-23880) , Jun 06, 2024
ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) (CVE-2023-0082) , Jun 06, 2024
New vulnerability
Customer Reviews for WooCommerce (CVE-2026-1316) , Apr 15, 2026
WP Recipe Maker (CVE-2026-1558) , Apr 15, 2026
Page and Post Clone (CVE-2026-2893) , Apr 15, 2026
Greenshift – animation and page builder blocks (CVE-2026-2589) , Apr 15, 2026
Greenshift – animation and page builder blocks (CVE-2026-1927) , Apr 15, 2026