CVE-2026-1844 - Vulnerability Analysis
HighCVSS: 7.2Last Updated: February 13, 2026
PixelYourSite PRO - Stored XSS
Published: February 13, 2026Updated: February 13, 2026PoC AvailableRemote Exploitable
Overview
PixelYourSite PRO WordPress plugin <= 12.4.0.2 contains a stored cross-site scripting caused by insufficient input sanitization and output escaping in 'pysTrafficSource' and 'pys_landing_page' parameters, letting unauthenticated attackers execute arbitrary scripts on user pages.
Severity & Score
Severity: High
CVSS Score: 7.2
Impact
Unauthenticated attackers can inject scripts that execute in users' browsers, potentially stealing data or performing actions on behalf of users.
Mitigation
Update to the latest version beyond 12.4.0.2.
References
Related Resources
Details
- CVE ID
- CVE-2026-1844
- Severity
- High
- CVSS Score
- 7.2
- Type
- stored_xss
- Status
- new
CWE
- CWE-79
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N