There are no security issues in the free version of the plugin, there is no need to issue an update.
There is! I receive fake orders and this was the problem with the Pro plugin also. Still i receive such last days.
This forum is dedicated to the free version of the plugin and this one has no vulnerabilities.
The patch for the pro plugin is available and was already released at the time this discussion started, please update and follow these instructions: https://www.pixelyoursite.com/security-update-pixelyoursite-pro
I use the free version and indicate the same problem with the plugin with receiving fake orders and executing script in the background. here is the link with the problem:
redpacketsecurity.com/cve-alert-cve-2026-1844-pixelyoursite-pixelyoursite-pro-your-smart-pixel-tag-manager/?fbclid=IwY2xjawP_5CxleHRuA2FlbQIxMABicmlkETE3OG5sQnBST0xqZjBwc2g1c3J0YwZhcHBfaWQQMjIyMDM5MTc4ODIwMDg5MgABHjLzEu5mfjbOdSQp5uTzCXLgZXYAbG20DTGggZ0cOaxuh1XwRHD6PJGdNGGM_aem_V0U0UZoUfddV6Ai2h3nlOg&__cf_chl_rt_tk=2jKWBn0b5V_cZWddDRg1izi7rHk.Z4C4xlI5pCm23Nw-1771427850-1.0.1.1-oy1wQHj2m0flIa8xkhKoIpDBkPySg4BsfKHRArC.4Xc
i hope you will have that fixed for free version only as this is critical vulnerability.
That is the free version log, and this was released on February 11, 2026. It is indeed the version that has the fix, 11.2.0.2.
The final fix for the pro version is included in version 12.4.1.
Recommended Actions:
- Update the plugin to the latest version immediately.
- Reset all administrator passwords.
- Review the list of administrator users and remove any unfamiliar accounts.
- Review WooCommerce → Advanced → REST API and delete any unknown or suspicious API keys.
- As an extra precaution, you can also regenerate existing REST API keys. Replace them in the services that use them.
As a precaution, we also recommend enabling two-factor authentication (2FA) for all administrator accounts.
Search your database for staticsx to find dangerous order data, which can create admin user when viewed.
