WWordPress Vulnerability Database

Security Advisory XSS in PixelYourSite Pro(CVE20261844)

Cross Site Scripting (XSS) in WordPress PixelYourSite PRO Plugin
0
Shares
0
0
0
0
Plugin Name PixelYourSite PRO
Type of Vulnerability Cross-Site Scripting (XSS)
CVE Number CVE-2026-1844
Urgency Medium
CVE Publish Date 2026-03-14
Source URL CVE-2026-1844

Unauthenticated Stored XSS in PixelYourSite PRO (<= 12.4.0.2) — What it Means for Your WordPress Site and How to Protect It

Author: Hong Kong Security Expert   |   Date: 2026-03-12

A vulnerability has been disclosed affecting PixelYourSite PRO versions up to and including 12.4.0.2: an unauthenticated stored Cross‑Site Scripting (XSS) issue (CVE-2026-1844). The plugin vendor released version 12.4.0.3 to address the issue. Stored XSS that can be triggered without authentication expands attacker reach and must be treated with urgency by site owners and administrators.

This article explains what the vulnerability is, how an attacker might exploit it, the likely impact, detection steps, immediate mitigations, and longer‑term hardening. If you run PixelYourSite PRO, update to version 12.4.0.3 or later as your first and primary action.

Executive summary (what every site owner should do right now)

  • Immediately update PixelYourSite PRO to version 12.4.0.3 or later.
  • If you cannot update immediately, implement virtual patching or WAF rules to block likely exploit payloads and requests to the vulnerable endpoint(s).
  • Scan the site for injected scripts and signs of compromise (malicious