WordPress Plugin Vulnerabilities

PixelYourSite – Your smart PIXEL (TAG) Manager < 9.6.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description

The PixelYourSite – Your smart PIXEL (TAG) Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 9.6.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.

Affects Plugins

Plugin icon
pixelyoursite
Fixed in 9.6.2

References

CVE
CVE-2024-37447
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/cb0fee1c-9dac-497c-a364-3b616e4b8ac0

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
4.4 (medium)

Miscellaneous

Original Researcher
ngductung
Verified
No
WPVDB ID
3611bbff-4fed-4139-bea1-11a08ec3ab5d

Timeline

Publicly Published
2024-06-28 (about 1 year ago)
Added
2024-07-03 (about 1 year ago)
Last Updated
2024-07-03 (about 1 year ago)

Other

Published
Title
Published
2025-06-05
Title
Search with Typesense < 2.0.11 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-03-24
Title
AvaiBook <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
Published
2020-08-29
Title
Real Estate 7 < 3.0.5 - Unauthenticated Reflected XSS
Published
2025-06-26
Title
A/B Testing for WordPress <= 1.18.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-03-28
Title
Better Section Navigation Widget < 1.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting