nmsuser
Forum Replies Created
Forum: Plugins
In reply to: [WooCommerce] Unauthorized User Creation Triggered When Editing Orders

Thank you for the prompt response, the problem has been found.
We have identified and fixed a security vulnerability (XSS) in older versions of our plugin (≤12.4.0.3).
We strongly recommend updating immediately to version 12.4.1.
Under specific conditions, this vulnerability could allow an attacker to execute malicious scripts within an authenticated administrator session. In some cases, this may have enabled unauthorized creation of WooCommerce REST API keys or orders with falsified data.
The vulnerability has been fully patched in the latest version of the plugin.
Required Actions:
- Update the plugin to the latest version immediately.
- Reset all administrator passwords.
- Review the list of administrator users and remove any unfamiliar accounts.
- Review WooCommerce → Advanced → REST API and delete any unknown or suspicious API keys.
- As an extra precaution, you can also regenerate existing REST API keys. Replace them in the services that use them.
As a precaution, we also recommend enabling two-factor authentication (2FA) for all administrator accounts.
The free version of the PixelYourSite plugin is not affected.
If you no longer have access to updates and you still use an older version of the PixelYourSite Pro plugin, replace it with the free plugin instead.
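The review steps in the reply above (check administrator accounts, check WooCommerce → Advanced → REST API for unknown keys) can be scripted for a site where the admin UI is not trusted yet. The following WP-CLI command is an added example, not code from the plugin vendor or from the thread; it assumes WooCommerce's `woocommerce_api_keys` table with its usual columns, and the command name `wc-audit`, the `--since` option and the `REVIEW` flag are the example's own choices.

```php
<?php
/**
 * Plugin Name: WC Credential Audit (added example; not part of the original thread)
 * Description: WP-CLI commands that list administrator accounts and WooCommerce
 *              REST API keys so unfamiliar entries can be spotted during review.
 * Install as a mu-plugin (wp-content/mu-plugins/wc-credential-audit.php).
 */

if ( ! defined( 'WP_CLI' ) || ! WP_CLI ) {
    return;
}

/**
 * Usage: wp wc-audit report [--since=<YYYY-MM-DD>]
 * Lists admin users and REST API keys; rows registered or last used on/after
 * --since, or keys whose owner no longer exists, are flagged REVIEW.
 */
WP_CLI::add_command( 'wc-audit report', function ( $args, $assoc_args ) {
    global $wpdb;

    // Assumed option: date (YYYY-MM-DD) after which activity is suspicious.
    $since = isset( $assoc_args['since'] ) ? $assoc_args['since'] : '1970-01-01';

    // 1. Administrator accounts, newest registrations first.
    $admins = get_users( array(
        'role'    => 'administrator',
        'orderby' => 'registered',
        'order'   => 'DESC',
    ) );
    $rows = array();
    foreach ( $admins as $u ) {
        $rows[] = array(
            'ID'         => $u->ID,
            'login'      => $u->user_login,
            'email'      => $u->user_email,
            'registered' => $u->user_registered,
            // MySQL DATETIME strings compare correctly as plain strings.
            'flag'       => ( $u->user_registered >= $since ) ? 'REVIEW' : '',
        );
    }
    WP_CLI::log( 'Administrator accounts:' );
    WP_CLI\Utils\format_items( 'table', $rows, array( 'ID', 'login', 'email', 'registered', 'flag' ) );

    // 2. WooCommerce REST API keys. The table stores only a hash of the consumer
    //    key, so the report shows the truncated key, owner, permissions, last access.
    $table = $wpdb->prefix . 'woocommerce_api_keys';
    $keys  = $wpdb->get_results(
        "SELECT key_id, user_id, description, permissions, truncated_key, last_access
         FROM {$table} ORDER BY key_id DESC",
        ARRAY_A
    );
    foreach ( $keys as &$k ) {
        $owner        = get_userdata( (int) $k['user_id'] );
        $k['owner']   = $owner ? $owner->user_login : '(missing user ' . $k['user_id'] . ')';
        $used_lately  = ! empty( $k['last_access'] ) && $k['last_access'] >= $since;
        $k['flag']    = ( ! $owner || $used_lately ) ? 'REVIEW' : '';
    }
    unset( $k );
    WP_CLI::log( 'WooCommerce REST API keys:' );
    WP_CLI\Utils\format_items(
        'table',
        $keys,
        array( 'key_id', 'owner', 'description', 'permissions', 'truncated_key', 'last_access', 'flag' )
    );
} );

/**
 * Usage: wp wc-audit revoke <key_id>
 * Deletes one REST API key by id (same effect as "Revoke" in the admin UI).
 */
WP_CLI::add_command( 'wc-audit revoke', function ( $args ) {
    global $wpdb;
    $key_id  = (int) $args[0];
    $deleted = $wpdb->delete(
        $wpdb->prefix . 'woocommerce_api_keys',
        array( 'key_id' => $key_id ),
        array( '%d' )
    );
    if ( $deleted ) {
        WP_CLI::success( "Deleted API key {$key_id}." );
    } else {
        WP_CLI::warning( "No API key with id {$key_id}." );
    }
} );
```

Run `wp wc-audit report --since=2025-01-01` (substitute the date the vulnerable version was installed) and compare the flagged rows against the accounts and integrations you know about; keys whose owner no longer exists are always flagged because they cannot be attributed to anyone. After a key is revoked with `wc-audit revoke`, the service that used it must be reconfigured with a freshly generated key, as the reply recommends.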