Cross Site Scripting (XSS) – Security Issue | ww.wp.xz.cn

Resolved matute2999
(@matute2999)

2 years, 11 months ago

Hello, Im getting an alert on my sites saying theres a vulnerability in the plugin on versions < 9.6.2.

As I can see the latest version there is was the one released 2 weeks ago, 9.3.8.1.

Should I be concerned?

“Marco Wotschka discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress PixelYourSite – Your smart PIXEL (TAG) Manager Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 9.6.2.”

The page I need help with: [log in to see the link]

Viewing 1 replies (of 1 total)

Plugin Author PixelYourSite
(@pixelyoursite)

2 years, 11 months ago
Hello,

The issue is already explained here: https://ww.wp.xz.cn/support/topic/xss-vulnerability-62/

The 9.6.2 version number refers to the paid plugin (now at 9.7.1), not the free version available here.

We already contacted patchstack to make the necessary correction.
- This reply was modified 2 years, 11 months ago by PixelYourSite.

Viewing 1 replies (of 1 total)

The topic ‘Cross Site Scripting (XSS) – Security Issue’ is closed to new replies.

2 replies
2 participants
Last reply from: PixelYourSite
Last activity: 2 years, 11 months ago
Status: resolved