Security update required
We have identified and fixed a security vulnerability (XSS) in older versions of our plugins (PixelYourSite Professional ≤12.4.0.3, PixelYourSite Free ≤11.2.0.1).
We strongly recommend updating immediately:
- PixelYourSite Free 11.2.0.2
- PixelYourSite Professional 12.4.1
Under specific conditions, this vulnerability could allow an attacker to execute malicious scripts within an authenticated administrator session. In some cases, this may have enabled unauthorized creation of WooCommerce REST API keys or orders with falsified data.
The vulnerability has been fully patched in the latest version of the plugins.
Required Actions:
- Update the plugin to the latest version immediately.
- Reset all administrator passwords.
- Review the list of administrator users and remove any unfamiliar accounts.
- Review WooCommerce → Advanced → REST API and delete any unknown or suspicious API keys.
- As an extra precaution, you can also regenerate existing REST API keys. Replace them in the services that use them.
As a precaution, we also recommend enabling two-factor authentication (2FA) for all administrator accounts.
If you no longer have access to updates and you still use an older version of the PixelYourSite Pro plugin, replace it with the free plugin instead (11.2.0.2).
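The two review steps under Required Actions can also be done directly against the database, which gives one sortable list instead of paging through the admin screens. The queries below are an added example, not part of the PixelYourSite advisory; they assume a single-site install, the default `wp_` table prefix, and the standard WordPress and WooCommerce table layouts.

```sql
-- Added audit example (read-only). Assumption: table prefix is "wp_";
-- replace it with the $table_prefix value from your wp-config.php.

-- 1. All WooCommerce REST API keys with the user each key belongs to.
--    Look for descriptions you do not recognise, write-capable keys
--    you never issued, and keys whose owner is missing or unexpected.
SELECT k.key_id,
       k.description,
       k.permissions,        -- read, write or read_write
       k.truncated_key,      -- last characters of the consumer key
       k.last_access,        -- NULL if the key has never been used
       k.user_id,
       u.user_login,         -- NULL if the owning user no longer exists
       u.user_email
FROM wp_woocommerce_api_keys AS k
LEFT JOIN wp_users AS u
       ON u.ID = k.user_id
ORDER BY k.key_id DESC;      -- key_id auto-increments: newest keys first

-- 2. All accounts that currently hold the administrator role,
--    most recently registered first, so unfamiliar new accounts
--    appear at the top of the result.
SELECT u.ID,
       u.user_login,
       u.user_email,
       u.user_registered
FROM wp_users AS u
JOIN wp_usermeta AS m
       ON m.user_id = u.ID
WHERE m.meta_key = 'wp_capabilities'            -- prefix + "capabilities"
  AND m.meta_value LIKE '%"administrator"%'     -- roles are stored serialized
ORDER BY u.user_registered DESC;
```

Any key or account found this way should still be deleted through WooCommerce → Advanced → REST API or the Users screen rather than by editing the tables.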