Cross-site Scripting Vulnerability in PixelYourSite Plugin by PixelYourSite
CVE-2026-27072

7.1HIGH

Key Information:

Vendor: WordPress
Status: Pixelyoursite – Your Smart Pixel (tag) Manager
Vendor: CVE Published:; 20 February 2026

What is CVE-2026-27072?

The PixelYourSite plugin for WordPress is affected by a stored Cross-site Scripting (XSS) vulnerability due to improper input neutralization during web page generation. This flaw allows attackers to inject malicious scripts into web pages, which can then be executed in the context of users accessing the page. The vulnerability impacts all versions of the plugin up to and including 11.2.0.1, making it critical for website administrators to apply necessary updates and safeguards to protect users from potential exploitation.

Affected Version(s)

PixelYourSite – Your smart PIXEL (TAG) Manager 0 <= 11.2.0.1

References

https://patchstack.com/database/Wordpress/Plugin/pixelyou...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 20, 2026
Vulnerability Reserved
Feb 17, 2026

Credit

Nguyen Ba Khanh | Patchstack Bug Bounty Program

CVE-2026-27072 Data

JSON