CVE-2026-27072
Awaiting Analysis Awaiting Analysis - Queue
Stored XSS in PixelYourSite Plugin Allows Persistent Script Injection

Publication date: 2026-02-20

Last updated on: 2026-02-23

Assigner: Patchstack

Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PixelYourSite PixelYourSite – Your smart PIXEL (TAG) Manager pixelyoursite allows Stored XSS.This issue affects PixelYourSite – Your smart PIXEL (TAG) Manager: from n/a through <= 11.2.0.1.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-20
Last Modified
2026-02-23
Generated
2026-06-16
AI Q&A
2026-02-20
EPSS Evaluated
2026-06-14
NVD
CVE-2026-27072
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
pixelyoursite pixelyoursite to 11.2.0.1 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-27072 is a medium priority Cross Site Scripting (XSS) vulnerability affecting the WordPress plugin "PixelYourSite – Your smart PIXEL (TAG) Manager" versions up to and including 11.2.0.1.'}, {'type': 'paragraph', 'content': 'This vulnerability allows an attacker to inject malicious scriptsβ€”such as redirects, advertisements, or other HTML payloadsβ€”that execute when visitors access the compromised site.'}, {'type': 'paragraph', 'content': 'Exploitation requires user interaction by a privileged user performing actions like clicking a malicious link, visiting a crafted page, or submitting a form.'}, {'type': 'paragraph', 'content': 'The vulnerability falls under the OWASP Top 10 category A3: Injection.'}] [1]

Impact Analysis

This vulnerability can lead to the execution of malicious scripts on your website, which may result in unauthorized redirects, display of unwanted advertisements, or other harmful HTML payloads.

Such attacks can compromise the integrity and trustworthiness of your website, potentially harming your users and damaging your reputation.

Exploitation depends on privileged user interaction, meaning attackers may trick authorized users into triggering the malicious scripts.

Compliance Impact

I don't know

Detection Guidance

This vulnerability is a Stored Cross Site Scripting (XSS) issue in the PixelYourSite WordPress plugin versions up to 11.2.0.1. Detection involves identifying if your site is running a vulnerable version of the plugin and monitoring for suspicious script injections or unusual behavior triggered by user interactions.

While no specific commands are provided in the resources, general detection steps include:

  • Check the installed version of the PixelYourSite plugin to see if it is version 11.2.0.1 or earlier.
  • Review web server logs and application logs for unusual requests or payloads containing script tags or suspicious HTML.
  • Use web vulnerability scanners that can detect stored XSS vulnerabilities in WordPress plugins.
  • Manually test input fields or forms managed by the plugin by submitting typical XSS payloads to see if they are improperly sanitized and reflected.
Mitigation Strategies

[{'type': 'paragraph', 'content': 'The primary immediate mitigation step is to update the PixelYourSite plugin to version 11.2.0.2 or later, where the vulnerability is patched.'}, {'type': 'paragraph', 'content': "Until the update can be applied, it is recommended to implement Patchstack's mitigation rules to block attacks targeting this vulnerability."}, {'type': 'paragraph', 'content': 'Additionally, consider restricting privileged user interactions that could trigger the exploit, such as avoiding clicking suspicious links or submitting untrusted forms.'}, {'type': 'paragraph', 'content': 'Enabling automatic updates for vulnerable plugins can also help ensure timely patching in the future.'}] [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-27072. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart